This threat is linked to three protocols, HTTP, HTTPS and SIP in Avalanche. While the HTTP and HTTPS seem logical, SIP is not so apparent.
Engineering has confirmed under CR#350371048 that the Telus description shows that SIP might be involved in the threat, and is also backed due to vulnurability being exposed also in Microsoft Communicator.