Verizon VoLTE network found missing IPsec protections for SIP signaling

📅 3 June 2026 at 12:07 UTC📰 Cyber InsiderView original source ↗

The CERT Coordination Center (CERT/CC) has disclosed a security issue affecting Verizon's Voice over LTE (VoLTE) infrastructure, warning that SIP signaling traffic on the carrier's IP Multimedia Subsystem (IMS) network appears to lack IPsec integrity protection required by industry specifications. Tracked as CVE-2026-10629 and documented in this CERT/CC advisory, the issue could allow an on-path … The post Verizon VoLTE network found missing IPsec protections for SIP signaling appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Verizon's VoLTE network lacks IPsec protections for SIP signaling, allowing an on-path attacker to intercept and modify sensitive information, potentially enabling call hijacking and spoofing attacks.

⚙️Technical Details

💥Impact Assessment

Severity: Critical

Who Is at Risk

Verizon VoLTE subscribers and organizations with high-assurance VoLTE requirements

🛡️Recommended Actions

1Verify SIP security negotiation and IPsec ESP protection in IMS infrastructure

2Enable and enforce SIP security negotiation and IPsec ESP protection in devices

3Monitor signaling traffic for potential anomalies or tampering

🔐NVD Verified DataVERIFIED

CVE-2026-10629 ↗CVSS 9.1 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed