Detections
Analytics

CVE-2026-10629

critical

Description

SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.

References

https://kb.cert.org/vuls/id/615987

https://www.kb.cert.org/vuls/id/615987

https://www.3gpp.org/DynReport/33203.htm

Details

Source: Mitre, NVD

Published: 2026-06-02

Updated: 2026-06-02

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical