Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco CallManager和Openser SIP消息非授权呼叫漏洞
Vulnerability Description
Cisco OpenSER是常用的网络IP电话解决方案。 CiscoOpenSER没有检查用户在Digest认证头中所提供的URI是否与消息的REQUEST-URI一致,这允许恶意用户从正常用户嗅探Digest认证,然后代表该用户呼叫任意扩展。
CVSS Information
N/A
Vulnerability Type
N/A