Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-0528
HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0528

2007-01-2601:28:00
[email protected]
web.nvd.nist.gov
3

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.024

Percentile

89.9%

JSON

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

Affected configurations

Nvd
Node
centrality_communicationspa168_chipsetRangefirmware_1.54
VendorProductVersionCPE
centrality_communicationspa168_chipset*cpe:2.3:h:centrality_communications:pa168_chipset:*:*:*:*:*:*:*:*

Related

prion 1
exploitdb 1
securityvulns 1
cve 1
cvelist 1
prion
prion
Information disclosure
2007-01-26 01:28:00
exploitdb
exploitdb
PA168 Chipset IP Phones - Weak Session Management
2007-01-24 00:00:00
securityvulns
securityvulns
Multiple IP Phones unauthorized access
2007-01-24 00:00:00
cve
cve
CVE-2007-0528
2007-01-26 01:28:00
cvelist
cvelist
CVE-2007-0528
2007-01-26 01:00:00

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.024

Percentile

89.9%

JSON
Related for NVD:CVE-2007-0528
prion1exploitdb1securityvulns1cve1cvelist1