Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) To and From SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xpressa | Pingtel | 2.0 | 2.0 |
Xpressa | Pingtel | 1.2.8 | 1.2.8 |
Xpressa | Pingtel | 1.2.7.4 | 1.2.7.4 |
Xpressa | Pingtel | 1.2.5 | 1.2.5 |
Xpressa | Pingtel | 2.0.1 | 2.0.1 |