We've discovered a critical vulnerability affecting several WebRTC implementations, including RTPEngine, Asterisk, FreeSWITCH, and Skype (PSTN). Our research reveals that these systems fail to properly verify the origin of DTLS "ClientHello" messages, potentially leading to denial of service attacks. This isn't a specification bug, but a common implementation oversight.

The full OpenSIPS Security Audit report is published, with all details on how to reproduce the vulnerabilities found, root cause analysis and methodology used

How the Open Source SIP server may be vulnerable to OS command injection (remote code execution) when misusing the exec module, how to exploit and then fix it.