CERT Warns of SIP Vulnerabilities
Page 1 of 1
The CERT Coordination Center on Thursday warned of numerous security vulnerabilities in vendor implementations of Session Initiation Protocol (SIP), a signaling protocol for Web conferencing, telephony, presence, events notification and instant messaging.
A security alert from CERT/CC said the vulnerabilities open the doors for an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior.
It warned that text-based SIP
The Center recommended that SIP-enabled devices and services be disabled until vendor patches are made available. "As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SIP devices and services at the network perimeter," CERT/CC said.
SIP-enabled products from IPTel and Nortel Networks were found to be vulnerable.