025 – Call interception
Description
It is possible to intercept calls made using the VoIP platform because the communication is not encrypted.
Impact
Get call information.
Recommendation
Configure the channel with TLS or SRTP and TLS, or configure a firewall to cipher calls.
Threat
Attacker authenticated from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: L
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X