Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
O2 VoLTE 安全漏洞
Vulnerability Description
O2 VoLTE是英国O2公司的一种通过基于互联网的协议在移动网络上拨打电话的方式。 O2 VoLTE 2025-05-17及之前版本存在安全漏洞,该漏洞源于ECI泄露。
CVSS Information
N/A
Vulnerability Type
N/A