CVE-2002-1934

2022-10-0316:23:46

mitre

www.cve.org

pingtel xpressa

sip-based

voip

sensitive information

boot-up

md5 hash

admin password

physical password

registration information.

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.

References

online.securityfocus.com/archive/1/288383

www.iss.net/security_center/static/9948.php

www.securityfocus.com/bid/5534

www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt