Download our in-depth report: The Ultimate Guide to IT Security VendorsThe CERT Coordination Center on Thursday warned of numerous security vulnerabilities in vendor implementations of Session Initiation Protocol (SIP), a signaling protocol for Web conferencing, telephony, presence, events notification and instant messaging.
A security alert from CERT/CC said the vulnerabilities open the doors for an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior.
It warned that text-based SIP
The Center recommended that SIP-enabled devices and services be disabled until vendor patches are made available. "As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SIP devices and services at the network perimeter," CERT/CC said.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iSIP-enabled products from IPTel and Nortel Networks were found to be vulnerable.