CVE-2002-1935 Information

Description

Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID (2) CSeq and (3) \To\ and \From\ SIP URL values in a Session Identification Protocol (SIP) request which allows remote attackers to avoid registering with the SIP registrar.

Reference

http://online.securityfocus.com/archive/1/288383 http://www.iss.net/security_center/static/9949.php http://www.securityfocus.com/bid/5537 http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt