Description
SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Published: 2026-06-02
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SIP signaling stack in Verizon IMS omits IPsec integrity protection: the Security-Client/Security-Server headers and ESP traffic are missing. This allows an on-path attacker to passively eavesdrop on and actively manipulate unsecured SIP messages over the radio and core network, compromising the confidentiality, integrity and authenticity of VoLTE signaling.

Affected Systems

Verizon IMS (VoLTE), version unspecified, is affected. No other vendors or product versions are listed.

Risk and Exploitability

The vulnerability has no published CVSS or EPSS score, and it is not currently listed in the CISA KEV catalog. Nevertheless, the absence of integrity protection on a core telecommunication protocol means that an attacker who can position themselves on the network path can easily modify or forge call setup and teardown messages, potentially leading to service disruption, spoofed calls or fraud. The attack vector is passive monitoring and active manipulation over radio or core links, requiring no special privileges beyond network access.

Generated by OpenCVE AI on June 2, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy IPsec or TLS/DTLS to provide integrity and confidentiality for SIP traffic.
  • Configure Security-Client and Security-Server headers in all SIP messages.
  • Enforce application‑layer encryption for VoLTE signaling across all segments of the network.

Generated by OpenCVE AI on June 2, 2026 at 16:26 UTC.
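
A defender-side check for the condition described above, as an added example (not part of the CVE record or OpenCVE's analysis): it inspects a REGISTER and its 401 challenge for the RFC 3329 Security-Client and Security-Server headers and an ipsec-3gpp mechanism. The sample messages, hosts, parameter values and function names are constructed for illustration.

```python
import re

def parse_sip(raw):
    """Return (start_line, {lowercased header name: [values]}) for one SIP message."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.strip().split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers

def mechanisms(headers, name):
    """Split RFC 3329 values such as 'ipsec-3gpp; alg=x; ealg=y' into (mechanism, params)."""
    out = []
    for value in headers.get(name, []):
        for item in value.split(","):
            parts = [p.strip() for p in item.split(";") if p.strip()]
            if parts:
                params = dict(p.lower().split("=", 1) for p in parts[1:] if "=" in p)
                out.append((parts[0].lower(), params))
    return out

def audit_registration(register_raw, challenge_raw):
    """Findings for one REGISTER / 401 pair captured between UE and P-CSCF."""
    findings = []
    for label, raw, name in (("REGISTER", register_raw, "security-client"),
                             ("401", challenge_raw, "security-server")):
        mechs = mechanisms(parse_sip(raw)[1], name)
        ipsec = [params for mech, params in mechs if mech == "ipsec-3gpp"]
        if not mechs:
            findings.append(f"{label}: no {name} header")
        elif not ipsec:
            findings.append(f"{label}: {name} offers no ipsec-3gpp mechanism")
        elif all(p.get("ealg") == "null" for p in ipsec):
            # ESP with null encryption protects integrity but not confidentiality.
            findings.append(f"{label}: ESP integrity only (ealg=null)")
    return findings

# Constructed sample messages (placeholder hosts, not captured traffic).
BARE_REGISTER = ("REGISTER sip:ims.example.invalid SIP/2.0\r\n"
                 "Via: SIP/2.0/UDP 10.0.0.2:5060\r\nCSeq: 1 REGISTER\r\n\r\n")
BARE_401 = "SIP/2.0 401 Unauthorized\r\nCSeq: 1 REGISTER\r\n\r\n"
SEC_REGISTER = BARE_REGISTER.replace("CSeq", "Require: sec-agree\r\nSecurity-Client: "
    "ipsec-3gpp; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=1111; spi-s=2222;\r\n"
    " port-c=5100; port-s=5101\r\nCSeq")
SEC_401 = BARE_401.replace("CSeq", "Security-Server: ipsec-3gpp; q=0.1; "
    "alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=3333; spi-s=4444; port-c=6100; port-s=6101\r\nCSeq")

if __name__ == "__main__":
    print(audit_registration(BARE_REGISTER, BARE_401))
    print(audit_registration(SEC_REGISTER, SEC_401))
```

An empty findings list only shows that the security agreement was negotiated in signaling; confirming that ESP packets actually follow on the negotiated ports is a separate capture check.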

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-277

Tue, 02 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
References

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Title CVE-2026-10629
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-02T15:23:02.208Z

Reserved: 2026-06-02T14:31:31.922Z

Link: CVE-2026-10629

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-02T16:16:34.813

Modified: 2026-06-02T17:35:17.730

Link: CVE-2026-10629

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T16:30:13Z

Weaknesses