Xpressa Security Vulnerabilities and Issues — Xpressa CVE List

Lucene search

PingtelXpressa

3 matches found

CVE•added 2002/07/23 4:0 a.m.•45 views

CVE-2002-0670

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

7.5CVSS6.8AI score0.01257EPSS

CVE•added 2004/09/01 4:0 a.m.•42 views

CVE-2002-0668

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.

7.5CVSS6.4AI score0.0049EPSS

CVE•added 2004/09/01 4:0 a.m.•34 views

CVE-2002-0674

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.

7.2CVSS6.5AI score0.00069EPSS