463 matches found
CVE-2026-10629
SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...
CVE-2026-10629
SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...
EUVD-2026-33945
SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...
Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments
Overview VoLTE deployments on Verizon’s IMS network have operated without negotiated SIP integrity protection. In observed test conditions, SIP signaling—including registration, call setup, and messaging—traveled without IPsec ESP encapsulation and without SIP Security Agreement headers, exposing...
CVE-2025-71255
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71252
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71254
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71253
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71251
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71255
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71255
Technical details are not publicly available in the provided documents. Monitor for updates from the vendor and CVE databases to confirm affected products, root cause specifics, and remediation.
EUVD-2025-209655
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71254
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71254
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2025-71254
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71254
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
EUVD-2025-209651
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71253
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2025-71253
CVE-2025-71253 concerns Modem IMS with an input validation flaw that can allow remote denial of service without extra privileges. The issue is described as improper input validation in Modem IMS, leading to availability impact (high) per CVSS vector: Network access, no user interaction, low attac...
CVE-2025-71253
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed...