Pingtel Xpressa SIP VoIP phones contain a flaw that may allow an attacker to hijack Call Sessions. The issue exists because an authenticated user is allowed to control Call Forwarding settings via the web interface. It is possible that the flaw may allow a malicious authenticated user to hijack VoIP calls resulting in a loss of confidentiality.
Upgrade to version 2.0.1 or higher, as it has been reported to mitigate this vulnerability, alerting users when Call Forwarding is active. It is also possible to correct the flaw by following the document "Best Practices for Deploying Pingtel phones".