Lucene search
HistoryJul 23, 2002 - 4:00 a.m.
CVE-2002-0670
pingtel
xpressa
sip
voice-over-ip
phone
web interface
vulnerability
cve-2002-0670
base64
authentication
remote attackers
sniffing
6.8 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
Affected configurations
Node
pingtelxpressaMatch1.2.5
ORpingtelxpressaMatch1.2.7.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| pingtel:xpressa | pingtel xpressa | eq | 1.2.5 |
| pingtel:xpressa | pingtel xpressa | eq | 1.2.7.4 |
Related
nvd
nvd
CVE-2002-0670
2002-07-23 04:00:00
cvelist
cvelist
CVE-2002-0670
2002-07-15 04:00:00
securityvulns
securityvulns
@stake Advisory: Multiple Vulnerabilities with Pingtel xpressa SIP Phones
2002-07-13 00:00:00
6.8 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
Related for CVE-2002-0670