<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-07T23:26:22.791393+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1a0240ab-4f5a-4cd8-bc0a-6c58fef756c7/export</id>
    <title>1a0240ab-4f5a-4cd8-bc0a-6c58fef756c7</title>
    <updated>2026-06-07T23:26:23.265834+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1a0240ab-4f5a-4cd8-bc0a-6c58fef756c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10629", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116682615290341234", "content": ":dumpster_fire_gif: :blobcatpopcorn: :dumpster_fire_gif: \nhttps://github.com/xchg-rax-rax/vulnerability-research\n\nCVE-2026-10629Verizon IMS deployments were observed transmitting SIP signaling without integrity protection. REGISTER exchanges lacked Security-Client, Security-Server, and Security-Verify headers, and no ESP-encapsulated SIP traffic was detected during subsequent signaling such as INVITE, MESSAGE, BYE, and UPDATE. This pattern persisted across devices, operating systems, and network conditions, indicating a deliberate network configuration rather than a transient issue.\nPer 3GPP TS 33.203 and GSMA IR.92, SIP signaling between the UE and P-CSCF must be protected using IPsec ESP following IMS AKA authentication, with negotiation occurring during registration. The absence of this protection allows attackers to manipulate SIP signaling undetected, enabling call hijacking, spoofing, denial-of-service, and misrouting of emergency calls.\nVerizon initially acknowledged the issue and stated that integrity support would be available upon request and extended broadly later in the year. However, the company has since ceased participation in coordination, including follow-up discussions and draft review, and has not provided verifiable evidence of mitigation. As remediation remains unconfirmed, this disclosure proceeds to inform users of an ongoing security exposure.\nIndependent verification would require observation of successful SIP security negotiation, ESP-protected traffic, or official confirmation from Verizon.", "creation_timestamp": "2026-06-02T21:23:34.873409Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1a0240ab-4f5a-4cd8-bc0a-6c58fef756c7/export"/>
    <published>2026-06-02T21:23:34.873409+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/70462710-2e73-4a9a-b736-28bbd2b4ec0c/export</id>
    <title>70462710-2e73-4a9a-b736-28bbd2b4ec0c</title>
    <updated>2026-06-07T23:26:23.265744+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "70462710-2e73-4a9a-b736-28bbd2b4ec0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10629", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116682616422398554", "content": ":dumpster_fire_gif: :blobcatpopcorn: :dumpster_fire_gif: \nhttps://www.kb.cert.org/vuls/id/615987\n\nCVE-2026-10629Verizon IMS deployments were observed transmitting SIP signaling without integrity protection. REGISTER exchanges lacked Security-Client, Security-Server, and Security-Verify headers, and no ESP-encapsulated SIP traffic was detected during subsequent signaling such as INVITE, MESSAGE, BYE, and UPDATE. This pattern persisted across devices, operating systems, and network conditions, indicating a deliberate network configuration rather than a transient issue.\nPer 3GPP TS 33.203 and GSMA IR.92, SIP signaling between the UE and P-CSCF must be protected using IPsec ESP following IMS AKA authentication, with negotiation occurring during registration. The absence of this protection allows attackers to manipulate SIP signaling undetected, enabling call hijacking, spoofing, denial-of-service, and misrouting of emergency calls.\nVerizon initially acknowledged the issue and stated that integrity support would be available upon request and extended broadly later in the year. However, the company has since ceased participation in coordination, including follow-up discussions and draft review, and has not provided verifiable evidence of mitigation. As remediation remains unconfirmed, this disclosure proceeds to inform users of an ongoing security exposure.\nIndependent verification would require observation of successful SIP security negotiation, ESP-protected traffic, or official confirmation from Verizon.", "creation_timestamp": "2026-06-02T21:23:59.171829Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/70462710-2e73-4a9a-b736-28bbd2b4ec0c/export"/>
    <published>2026-06-02T21:23:59.171829+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aecf2848-4625-4180-8641-d1e24589450d/export</id>
    <title>aecf2848-4625-4180-8641-d1e24589450d</title>
    <updated>2026-06-07T23:26:23.265633+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aecf2848-4625-4180-8641-d1e24589450d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10629", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndsmie4oo23", "content": "\ud83d\udd34 CVE-2026-10629 - Critical (9.1)\n\nSIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec i...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10629/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-03T00:02:33.225428Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aecf2848-4625-4180-8641-d1e24589450d/export"/>
    <published>2026-06-03T00:02:33.225428+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/20f3fad0-53d0-46d9-9d8e-a7fb92ab7ffc/export</id>
    <title>20f3fad0-53d0-46d9-9d8e-a7fb92ab7ffc</title>
    <updated>2026-06-07T23:26:23.263131+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "20f3fad0-53d0-46d9-9d8e-a7fb92ab7ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10629", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mndtkjz2gx2w", "content": "\ud83d\udd34 CVE-2026-10629 - Critical (9.1)\n\nSIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec i...\n\nhttps://www.themasherwire.com/vulnerability/CVE-2026-10629/\n\n#infosec #potatosecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-03T00:19:21.003798Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/20f3fad0-53d0-46d9-9d8e-a7fb92ab7ffc/export"/>
    <published>2026-06-03T00:19:21.003798+00:00</published>
  </entry>
</feed>
