Lucene search

[email protected]CVE-2005-0506

HistoryMar 14, 2005 - 5:00 a.m.

CVE-2005-0506

2005-03-1405:00:00

[email protected]

web.nvd.nist.gov

avaya

ip office

phone manager

sensitive data

cleartext

registry key

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.3%

JSON

The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.

Affected configurations

NVD

Node

avayaip_office_phone_manager

avayaip_soft_phone

CPENameOperatorVersion
avaya:ip_office_phone_manageravaya ip office phone managereq*
avaya:ip_soft_phoneavaya ip soft phoneeq*

CPE	Name	Operator	Version
avaya:ip_office_phone_manager	avaya ip office phone manager	eq	*
avaya:ip_soft_phone	avaya ip soft phone	eq	*

References

marc.info/?l=bugtraq&m=110909733831694&w=2

marc.info/?l=bugtraq&m=110910486128709&w=2

support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2005-0506

nvd1 cvelist1