Skip to main content

Kamailio CVE-2015-1590

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2017-09-07 cve@mitre.org
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 07, 2017 - 14:29 cve.org
HIGH 7.8

DescriptionCVE.org

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.

AnalysisAI

The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-264. The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. Affected products include: Kamailio. Version information: before 4.3.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-2385 CRITICAL POC
9.8 Apr 11

Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER a

CVE-2018-16657 CRITICAL POC
9.8 Sep 07

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation

CVE-2018-14767 CRITICAL POC
9.8 Jul 31

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag c

CVE-2013-7426 CRITICAL
9.8 Aug 29

Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. Rated critical severity (CVSS 9.8), this

CVE-2018-8828 CRITICAL
9.8 Mar 20

A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. Rated criti

CVE-2020-28361 MEDIUM POC
5.4 Nov 18

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allow

CVE-2015-1591 HIGH
7.8 Jun 27

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. Rated high severity (CVSS 7

CVE-2026-39863 HIGH
7.5 Apr 08

Out-of-bounds memory access in Kamailio SIP server versions before 5.8.8, 6.0.6, and 6.1.1 enables unauthenticated remot

CVE-2025-12207 LOW POC
1.9 Oct 27

Null pointer dereference in Kamailio 5.5.0's grammar rule handler (src/core/cfg.y, yyerror_at function) causes denial of

CVE-2025-12206 LOW POC
1.9 Oct 27

Kamailio 5.5.0 suffers a null pointer dereference in the rve_is_constant function (src/core/rvalue.c) triggered by manip

CVE-2025-12205 LOW POC
1.9 Oct 27

Use-after-free vulnerability in Kamailio 5.5.0 configuration file parser allows local authenticated attackers to cause d

CVE-2025-12204 LOW POC
1.9 Oct 27

Heap-based buffer overflow in Kamailio 5.5.0's rve_destroy function allows local authenticated attackers to cause limite

Share

CVE-2015-1590 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy