VULHUB ™

Xpressa is the Java-Based Voice-Over-IP phone developed and distributed by Pingtel. The Session Identification Protocol (SIP) is used by VoIP devices to initiate communication sessions. Reportedly, vulnerable Xpressa devices use predictable values for both the Call-ID and CSeq parameters in SIP communications. An attacker may use this knowledge to inject data into a valid communication stream. Session hijacking or subversion may be possible.

Xpressa is the Java-Based Voice-Over-IP phone developed and distributed by Pingtel. The Session Identification Protocol (SIP) is used by VoIP devices to initiate communication sessions. Reportedly, vulnerable Xpressa devices use predictable values for both the Call-ID and CSeq parameters in SIP communications. An attacker may use this knowledge to inject data into a valid communication stream. Session hijacking or subversion may be possible.