Lucene search

[email protected]CVE-2002-1934

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-1934

2022-10-0316:23:46

[email protected]

web.nvd.nist.gov

pingtel

xpressa

sip

voip

phone

security

vulnerability

cve-2002-1934

information leak

md5 hash

admin password

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.

Affected configurations

NVD

Node

pingtelxpressaMatch1.2.5

pingtelxpressaMatch1.2.7.4

pingtelxpressaMatch1.2.8

pingtelxpressaMatch2.0

pingtelxpressaMatch2.0.1

CPENameOperatorVersion
pingtel:xpressapingtel xpressaeq1.2.5
pingtel:xpressapingtel xpressaeq1.2.7.4
pingtel:xpressapingtel xpressaeq1.2.8
pingtel:xpressapingtel xpressaeq2.0
pingtel:xpressapingtel xpressaeq2.0.1

CPE	Name	Operator	Version
pingtel:xpressa	pingtel xpressa	eq	1.2.5
pingtel:xpressa	pingtel xpressa	eq	1.2.7.4
pingtel:xpressa	pingtel xpressa	eq	1.2.8
pingtel:xpressa	pingtel xpressa	eq	2.0
pingtel:xpressa	pingtel xpressa	eq	2.0.1

References

online.securityfocus.com/archive/1/288383

www.iss.net/security_center/static/9948.php

www.securityfocus.com/bid/5534

www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2002-1934

nvd1 cvelist1