Pingtel Xpressa 1.2.5 up to and including 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote malicious users to avoid registering with the SIP registrar.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pingtel xpressa 2.0 |
||
pingtel xpressa 1.2.8 |
||
pingtel xpressa 1.2.7.4 |
||
pingtel xpressa 1.2.5 |
||
pingtel xpressa 2.0.1 |