Lucene search
K

62 matches found

NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-1935

Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable 1 Call-ID, 2 CSeq, and 3 "To" and "From" SIP URL values in a Session Identification Protocol SIP request, which allows remote attackers to avoid registering with the SIP registrar...

5CVSS6.6AI score0.01351EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.17 views

CVE-2002-1934

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information...

5CVSS5.9AI score0.01189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2002/12/31 12:0 a.m.5 views

PT-2002-2656 · Pingtel · Pingtel Xpressa

Name of the Vulnerable Software and Affected Versions: Pingtel Xpressa versions 1.2.5 through 2.0.1 Description: The issue allows remote attackers to avoid registering with the SIP registrar by exploiting predictable values in a Session Identification Protocol SIP request, specifically the Call-I...

5CVSS6.7AI score0.01351EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2002/12/31 12:0 a.m.5 views

PT-2002-2655 · Pingtel · Xpressa

Name of the Vulnerable Software and Affected Versions: Pingtel xpressa SIP-based voice-over-IP phone versions 1.2.5 through 2.0.1 Description: The issue allows attackers to obtain sensitive information, including the MD5 hash of the Admin password, MD5 hash of the physical password, and other...

5CVSS6.1AI score0.01189EPSS
Exploits0References5
securityvulns
securityvulns
added 2002/08/22 12:0 a.m.75 views

More Vulnerabilities with Pingtel xpressa SIP-based IP phones

The Sys-Security Group Security Advisory "More Vulnerabilities with Pingtel xpressa SIP-based IP Phones" Release Date: 08/20/2002 Affected Platforms: Pingtel xpressa SIP IP phones model PX-1 with software version 2.0.1 and below; Pingtel instant xpressa softphones with software version 2.0.1 and...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2002/08/22 12:0 a.m.34 views

Multiple problems with Pingtel xpressa SIP Phones

Multiple problems leading to full remote access...

2.2AI score
Exploits0References2
NVD
NVD
added 2002/07/23 4:0 a.m.12 views

CVE-2002-0667

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone...

10CVSS6.9AI score0.02615EPSS
Exploits0References4
NVD
NVD
added 2002/07/23 4:0 a.m.10 views

CVE-2002-0673

The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions...

4.6CVSS6.6AI score0.00345EPSS
Exploits0References3
NVD
NVD
added 2002/07/23 4:0 a.m.14 views

CVE-2002-0674

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication...

7.2CVSS6.5AI score0.00378EPSS
Exploits0References4
NVD
NVD
added 2002/07/23 4:0 a.m.16 views

CVE-2002-0670

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...

7.5CVSS6.8AI score0.01635EPSS
Exploits0References3
NVD
NVD
added 2002/07/23 4:0 a.m.12 views

CVE-2002-0672

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null...

4.6CVSS6.6AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2002/07/23 4:0 a.m.15 views

CVE-2002-0675

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone...

4.6CVSS6.6AI score0.00351EPSS
Exploits0References4
NVD
NVD
added 2002/07/23 4:0 a.m.19 views

CVE-2002-0668

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls...

7.5CVSS6.4AI score0.01326EPSS
Exploits0References4
NVD
NVD
added 2002/07/23 4:0 a.m.16 views

CVE-2002-0671

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing...

9.8CVSS9.4AI score0.01151EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2002/07/23 12:0 a.m.5 views

PT-2002-1697 · Pingtel · Pingtel Xpressa

Name of the Vulnerable Software and Affected Versions: Pingtel xpressa SIP-based voice-over-IP phone versions 1.2.5 through 1.2.7.4 Description: The issue allows remote attackers to install Trojan horse applications via DNS spoofing because the phone downloads applications from a web site but...

9.8CVSS6.4AI score0.01151EPSS
Exploits0References6
Cvelist
Cvelist
added 2002/07/15 4:0 a.m.17 views

CVE-2002-0670

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...

6.8AI score0.01635EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/07/15 4:0 a.m.25 views

CVE-2002-0667

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone...

6.9AI score0.02615EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/07/15 4:0 a.m.18 views

CVE-2002-0675

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone...

6.6AI score0.00351EPSS
Exploits0References4
CVE
CVE
added 2002/07/15 4:0 a.m.44 views

CVE-2002-0667

CVE-2002-0667 concerns Pingtel xpressa SIP phones (model PX-1) running software 1.2.5–1.2.7.4. The issue arises from a default administrator password set to null (admin user), enabling remote and local administrative access, manipulation of SIP signaling, and potential takeover of the device. Con...

10CVSS6.9AI score0.02615EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2002/07/15 4:0 a.m.53 views

CVE-2002-0670

The CVE-2002-0670 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). The web interface uses HTTP Basic authentication with Base64-encoded credentials, allowing remote attackers to sniff and decode usernames/passwords in transit. Documents confirm the risk is tied to unenc...

7.5CVSS6.8AI score0.01635EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder