Intrusion Prevention

SIP.Header.XSS

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in Session Initiation Protocol (SIP), a VoIP signaling protocol.
The vulnerability is caused by the protocol not properly filtering some header field that's coming from the SIP message. An attacker may exploit this to perform XSS injection.

Affected Products

Linksys SPA Linksys SPA-941 (Version 5.1.8)

Impact

System compromise: Cross-site scripting.

Recommended Actions

Currently we are not aware of any officially released patch or update.

CVE References

CVE-2007-2191