Condorlab

CISCO – Unregister Vulnerability

CVE-ID: CVE-2014-0658
Vulnerability Information: A vulnerability in Session Initiation Protocol (SIP) header processing of Cisco fourth-generation IP phones could allow an unauthenticated, remote attacker to cause the IP phone to unregiste...

CISCO – Denial of Service Vulnerability

CVE-ID: CVE-2013-5553
Vulnerability Information: The vulnerability is due to incorrect processing of specially crafted SIP messages. An attacker could exploit this vulnerability by sending specific valid SIP messages to the SIP gateway. ...

Vonage VoIP Multiple Security Vulnerabilities

Advisory ID: RSN-UC-0027
Vulnerability Information: The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofe...

Android OS Session Fixation

Advisory ID: RSN-UT-0026
Vulnerability Information: Some networks allow a user to attempt to establish multiple SIP sessions simultaneously rather than restricting a user to a single voice session, which may lead to denial of service attac...

Android OS Improper Authentication

Advisory ID: RSN-UT-0025
Vulnerability Information: Some networks do not properly authenticate every SIP message, allowing spoofing of phone numbers.
Impact: When an actor claims to have a given identity, the software does not pro...

Android OS Improper Access Control

Advisory ID: RSN-UT-0024
Vulnerability Information: Access control involves the use of several protection mechanisms such as authentication (proving the identity of an actor), authorization (ensuring that a given actor can access a resource...

ZoIPer Call-Info Denial of service

Advisory ID: RSN-UT-0020
Vulnerability Information: ZoIPer is vulnerable to a denial of service, caused by an error when processing SIP INVITE messages. By sending a specially crafted SIP INVITE message with an empty Call-Info header, a re...

Polycom RealPresence CloudAXIS Suite HTML Injection

Advisory ID: RSN-UT-0021
Vulnerability Information: Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vect...

KPhone Local information disclosure

Advisory ID: RSN-UT-0022
Vulnerability Information: kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
Impact: Allows local users to read usernames and SIP passwor...