PT-2002-2656 · Pingtel · Pingtel Xpressa

Published: 2002-12-31 · Updated: 2024-02-14 · CVE-2002-1935

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Pingtel Xpressa versions 1.2.5 through 2.0.1

Description

The issue allows remote attackers to avoid registering with the SIP registrar by exploiting predictable values in a Session Initiation Protocol (SIP) request, specifically the Call-ID, CSeq, and "To" and "From" SIP URL values.

Recommendations

For versions 1.2.5 through 2.0.1, consider implementing a randomization mechanism for the Call-ID, CSeq, and "To" and "From" SIP URL values in SIP requests to prevent predictability. As a temporary workaround, restrict access to the SIP registrar to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2002-1935

Affected Products

Pingtel Xpressa