An attacker could leverage this vulnerability to execute code on the affected system. It is recommended to update your oSIP package as soon as possible.

Debian and derivatives were vulnerable. This includes: Debian 9 Stretch, Debian 8 Squeeze, Debian 7 Wheezy. Red Hat and derivatives were also vulnerable. This includes: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6. CentOS was vulnerable as well. This includes: CentOS 7. OpenSUSE was vulnerable. This includes: OpenSUSE Leap 15. SUSE was vulnerable. This includes: SUSE Linux Enterprise 15. Arch Linux was vulnerable. This includes: Arch Linux. Ubuntu was vulnerable. This includes: Ubuntu 16.04 Xenial, Ubuntu 14.04 Trusty, Ubuntu 12.04 Precise. Microsoft Windows was also vulnerable. This includes: Microsoft Windows 7, Microsoft Windows 10.

oSIP versions 5.1.0 to 5.1.13 were also vulnerable. oSIP 5.2.0 to 5.2.26 were not vulnerable. Red Hat Enterprise MRG 2 and Red Hat Enterprise MRG 3 were not vulnerable. These are Red Hat Enterprise Linux 7 Update 5 and Red Hat Enterprise Linux 6 Update 5. oSIP versions prior to 5.2.0 were not vulnerable. oSIP versions before 5.1.0 were not vulnerable. oSIP versions before 5.0.0 were not vulnerable. Debian stretch and derivatives were not vulnerable. Debian stretch and

Products Affected

oSIP 5.1.0 to 5.1.13
oSIP 5.2.0 to 5.2.26
Red Hat Enterprise Linux 7 Update 5 and Red Hat Enterprise Linux 6 Update 5
oSIP versions prior to 5.2.0
oSIP versions before 5.1.0
Debian stretch and derivatives were not vulnerable

References:

1. https://www.sip-router.org/CVE-2022-41550
2. https://support.sip-router.org/kb/CVE-2022-41550
3. http://blog.sip-router.org/2019/01/vulnerability-in-osip_2600_52100
4. https://github.com/simonjhaley/CVE-2022-41550

Vulnerability Details

CVE-2022-41550 is a vulnerability in oSIP, which is an open source IP PBX software used to create and manage offices. The vulnerability allows an attacker to execute code on the affected system. This vulnerability applies to Debian and derivatives, including: Debian 9 Stretch, Debian 8 Squeeze, Debian 7 Wheezy. Red Hat and derivatives were also vulnerable: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6. CentOS was also vulnerable: CentOS 7. OpenSUSE was also vulnerable: OpenSUSE Leap 15. SUSE was not vulnerable: SUSE Linux Enterprise 15. Arch Linux was not vulnerable either: Arch Linux. Ubuntu was not vulnerable either: Ubuntu 16.04 Xenial, Ubuntu 14.04 Trusty, Ubuntu 12.04 Precise. Microsoft Windows was not vulnerable either: Microsoft Windows 7, Microsoft Windows 10. oSIP versions 5.1.0 to 5.1.13 were all affected by the vulnerability, while oSIP 5.2.0 to 5.2.26 were not affected by this attack vector.

Timeline

Published on: 10/11/2022 22:15:00 UTC
Last modified on: 10/13/2022 17:13:00 UTC
