Lucene search

[email protected]CVE-2007-0528

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0528

2007-01-2601:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0528

centrality communications

aredfox

pa168 chipset

firmware

ip phones

authentication

remote access

sensitive information

nvd

6.9 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.7%

JSON

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

CPENameOperatorVersion
centrality_communications:pa168_chipsetcentrality communications pa168 chipsetlefirmware_1.54

CPE	Name	Operator	Version
centrality_communications:pa168_chipset	centrality communications pa168 chipset	le	firmware_1.54

References

osvdb.org/32966

secunia.com/advisories/23919

secunia.com/advisories/23936

www.procheckup.com/Vulner_PR0614.php

www.securityfocus.com/archive/1/457868/100/0/threaded

www.vupen.com/english/advisories/2007/0346

www.exploit-db.com/exploits/3189

6.9 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2007-0528

prion1 securityvulns1