Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for xpressa by pingtel

    CVE-2002-1935 (GCVE-0-2002-1935)

    Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:43:33.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/288383"
              },
              {
                "name": "pingtel-xpressa-weak-parameters(9949)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9949.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
              },
              {
                "name": "5537",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5537"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) \"To\" and \"From\" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-28T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/288383"
            },
            {
              "name": "pingtel-xpressa-weak-parameters(9949)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9949.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
            },
            {
              "name": "5537",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5537"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1935",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) \"To\" and \"From\" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/288383"
                },
                {
                  "name": "pingtel-xpressa-weak-parameters(9949)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9949.php"
                },
                {
                  "name": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt",
                  "refsource": "MISC",
                  "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
                },
                {
                  "name": "5537",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5537"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1935",
        "datePublished": "2005-06-28T04:00:00.000Z",
        "dateReserved": "2005-06-28T04:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:43.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1934 (GCVE-0-2002-1934)

    Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 22:52
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:43:33.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/288383"
              },
              {
                "name": "5534",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5534"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
              },
              {
                "name": "pingtel-xpressa-information-leak(9948)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9948.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-28T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/288383"
            },
            {
              "name": "5534",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5534"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
            },
            {
              "name": "pingtel-xpressa-information-leak(9948)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9948.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1934",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/288383"
                },
                {
                  "name": "5534",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5534"
                },
                {
                  "name": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt",
                  "refsource": "MISC",
                  "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
                },
                {
                  "name": "pingtel-xpressa-information-leak(9948)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9948.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1934",
        "datePublished": "2005-06-28T04:00:00.000Z",
        "dateReserved": "2005-06-28T04:00:00.000Z",
        "dateUpdated": "2024-09-16T22:52:03.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1680 (GCVE-0-2004-1680)

    Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
    VLAI
    Summary
    application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/11161 vdb-entryx_refsource_BID
    http://secunia.com/advisories/12523 third-party-advisoryx_refsource_SECUNIA
    http://www.atstake.com/research/advisories/2004/a… vendor-advisoryx_refsource_ATSTAKE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:00:37.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "11161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11161"
              },
              {
                "name": "12523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12523"
              },
              {
                "name": "A091304-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt"
              },
              {
                "name": "xpressa-applicationcgi-dos(17346)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "11161",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11161"
            },
            {
              "name": "12523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12523"
            },
            {
              "name": "A091304-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt"
            },
            {
              "name": "xpressa-applicationcgi-dos(17346)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "11161",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11161"
                },
                {
                  "name": "12523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12523"
                },
                {
                  "name": "A091304-2",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt"
                },
                {
                  "name": "xpressa-applicationcgi-dos(17346)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1680",
        "datePublished": "2005-02-20T05:00:00.000Z",
        "dateReserved": "2005-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:00:37.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0672 (GCVE-0-2002-0672)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "pingtel-xpressa-factory-defaults(9567)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9567.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-07-25T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "pingtel-xpressa-factory-defaults(9567)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9567.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "pingtel-xpressa-factory-defaults(9567)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9567.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0672",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0673 (GCVE-0-2002-0673)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "pingtel-xpressa-phone-reregister(9568)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9568.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-07-25T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "pingtel-xpressa-phone-reregister(9568)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9568.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "pingtel-xpressa-phone-reregister(9568)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9568.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0673",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0674 (GCVE-0-2002-0674)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "5221",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5221"
              },
              {
                "name": "pingtel-xpressa-admin-timeout(9569)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9569"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not \"time out\" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-10-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "5221",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5221"
            },
            {
              "name": "pingtel-xpressa-admin-timeout(9569)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9569"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0674",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not \"time out\" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "5221",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5221"
                },
                {
                  "name": "pingtel-xpressa-admin-timeout(9569)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9569"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0674",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0668 (GCVE-0-2002-0668)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.214Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "5144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5144"
              },
              {
                "name": "pingtel-xpressa-call-hijacking(9563)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "5144",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5144"
            },
            {
              "name": "pingtel-xpressa-call-hijacking(9563)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "5144",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5144"
                },
                {
                  "name": "pingtel-xpressa-call-hijacking(9563)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0668",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0669 (GCVE-0-2002-0669)

    Vulnerability from cvelistv5 – Published: 2003-02-11 05:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9564.php vdb-entryx_refsource_XF
    http://www.atstake.com/research/advisories/2002/a… vendor-advisoryx_refsource_ATSTAKE
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pingtel-xpressa-web-dos(9564)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9564.php"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pingtel-xpressa-web-dos(9564)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9564.php"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pingtel-xpressa-web-dos(9564)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9564.php"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0669",
        "datePublished": "2003-02-11T05:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0675 (GCVE-0-2002-0675)

    Vulnerability from cvelistv5 – Published: 2002-07-15 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5223",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5223"
              },
              {
                "name": "pingtel-xpressa-firmware-upgrade(9570)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9570.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-10T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5223",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5223"
            },
            {
              "name": "pingtel-xpressa-firmware-upgrade(9570)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9570.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0675",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5223",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5223"
                },
                {
                  "name": "pingtel-xpressa-firmware-upgrade(9570)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9570.php"
                },
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "MISC",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0675",
        "datePublished": "2002-07-15T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0670 (GCVE-0-2002-0670)

    Vulnerability from cvelistv5 – Published: 2002-07-15 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pingtel-xpressa-plaintext-passwords(9565)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9565.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-10T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pingtel-xpressa-plaintext-passwords(9565)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9565.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pingtel-xpressa-plaintext-passwords(9565)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9565.php"
                },
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0670",
        "datePublished": "2002-07-15T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0667 (GCVE-0-2002-0667)

    Vulnerability from cvelistv5 – Published: 2002-07-15 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5214"
              },
              {
                "name": "pingtel-xpressa-default-password(9562)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9562.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-10T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5214",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5214"
            },
            {
              "name": "pingtel-xpressa-default-password(9562)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9562.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0667",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5214",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5214"
                },
                {
                  "name": "pingtel-xpressa-default-password(9562)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9562.php"
                },
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0667",
        "datePublished": "2002-07-15T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1680 (GCVE-0-2004-1680)

    Vulnerability from nvd – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
    VLAI
    Summary
    application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/11161 vdb-entryx_refsource_BID
    http://secunia.com/advisories/12523 third-party-advisoryx_refsource_SECUNIA
    http://www.atstake.com/research/advisories/2004/a… vendor-advisoryx_refsource_ATSTAKE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:00:37.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "11161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11161"
              },
              {
                "name": "12523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12523"
              },
              {
                "name": "A091304-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt"
              },
              {
                "name": "xpressa-applicationcgi-dos(17346)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "11161",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11161"
            },
            {
              "name": "12523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12523"
            },
            {
              "name": "A091304-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt"
            },
            {
              "name": "xpressa-applicationcgi-dos(17346)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "11161",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11161"
                },
                {
                  "name": "12523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12523"
                },
                {
                  "name": "A091304-2",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2004/a091304-2.txt"
                },
                {
                  "name": "xpressa-applicationcgi-dos(17346)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17346"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1680",
        "datePublished": "2005-02-20T05:00:00.000Z",
        "dateReserved": "2005-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:00:37.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0669 (GCVE-0-2002-0669)

    Vulnerability from nvd – Published: 2003-02-11 05:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9564.php vdb-entryx_refsource_XF
    http://www.atstake.com/research/advisories/2002/a… vendor-advisoryx_refsource_ATSTAKE
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pingtel-xpressa-web-dos(9564)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9564.php"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pingtel-xpressa-web-dos(9564)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9564.php"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pingtel-xpressa-web-dos(9564)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9564.php"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0669",
        "datePublished": "2003-02-11T05:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1935 (GCVE-0-2002-1935)

    Vulnerability from nvd – Published: 2005-06-28 04:00 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:43:33.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/288383"
              },
              {
                "name": "pingtel-xpressa-weak-parameters(9949)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9949.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
              },
              {
                "name": "5537",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5537"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) \"To\" and \"From\" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-28T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/288383"
            },
            {
              "name": "pingtel-xpressa-weak-parameters(9949)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9949.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
            },
            {
              "name": "5537",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5537"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1935",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) \"To\" and \"From\" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/288383"
                },
                {
                  "name": "pingtel-xpressa-weak-parameters(9949)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9949.php"
                },
                {
                  "name": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt",
                  "refsource": "MISC",
                  "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
                },
                {
                  "name": "5537",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5537"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1935",
        "datePublished": "2005-06-28T04:00:00.000Z",
        "dateReserved": "2005-06-28T04:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:43.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1934 (GCVE-0-2002-1934)

    Vulnerability from nvd – Published: 2005-06-28 04:00 – Updated: 2024-09-16 22:52
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:43:33.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/288383"
              },
              {
                "name": "5534",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5534"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
              },
              {
                "name": "pingtel-xpressa-information-leak(9948)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9948.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-28T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/288383"
            },
            {
              "name": "5534",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5534"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
            },
            {
              "name": "pingtel-xpressa-information-leak(9948)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9948.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1934",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020820 More Vulnerabilities with Pingtel xpressa SIP-based IP phones",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/288383"
                },
                {
                  "name": "5534",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5534"
                },
                {
                  "name": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt",
                  "refsource": "MISC",
                  "url": "http://www.sys-security.com/archive/advisories/More_Vulnerabilities_with_Pingtel_xpressa_SIP-based_IP_phones.txt"
                },
                {
                  "name": "pingtel-xpressa-information-leak(9948)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9948.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1934",
        "datePublished": "2005-06-28T04:00:00.000Z",
        "dateReserved": "2005-06-28T04:00:00.000Z",
        "dateUpdated": "2024-09-16T22:52:03.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0675 (GCVE-0-2002-0675)

    Vulnerability from nvd – Published: 2002-07-15 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5223",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5223"
              },
              {
                "name": "pingtel-xpressa-firmware-upgrade(9570)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9570.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-10T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5223",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5223"
            },
            {
              "name": "pingtel-xpressa-firmware-upgrade(9570)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9570.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0675",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5223",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5223"
                },
                {
                  "name": "pingtel-xpressa-firmware-upgrade(9570)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9570.php"
                },
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "MISC",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0675",
        "datePublished": "2002-07-15T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0672 (GCVE-0-2002-0672)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "pingtel-xpressa-factory-defaults(9567)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9567.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-07-25T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "pingtel-xpressa-factory-defaults(9567)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9567.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "pingtel-xpressa-factory-defaults(9567)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9567.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0672",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0673 (GCVE-0-2002-0673)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "pingtel-xpressa-phone-reregister(9568)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9568.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-07-25T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "pingtel-xpressa-phone-reregister(9568)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9568.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "pingtel-xpressa-phone-reregister(9568)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9568.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0673",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0674 (GCVE-0-2002-0674)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "5221",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5221"
              },
              {
                "name": "pingtel-xpressa-admin-timeout(9569)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9569"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not \"time out\" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-10-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "5221",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5221"
            },
            {
              "name": "pingtel-xpressa-admin-timeout(9569)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9569"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0674",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not \"time out\" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "5221",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5221"
                },
                {
                  "name": "pingtel-xpressa-admin-timeout(9569)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9569"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0674",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0668 (GCVE-0-2002-0668)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.214Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              },
              {
                "name": "5144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5144"
              },
              {
                "name": "pingtel-xpressa-call-hijacking(9563)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            },
            {
              "name": "5144",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5144"
            },
            {
              "name": "pingtel-xpressa-call-hijacking(9563)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                },
                {
                  "name": "5144",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5144"
                },
                {
                  "name": "pingtel-xpressa-call-hijacking(9563)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0668",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0670 (GCVE-0-2002-0670)

    Vulnerability from nvd – Published: 2002-07-15 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "pingtel-xpressa-plaintext-passwords(9565)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9565.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-10T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "pingtel-xpressa-plaintext-passwords(9565)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9565.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "pingtel-xpressa-plaintext-passwords(9565)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9565.php"
                },
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0670",
        "datePublished": "2002-07-15T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0667 (GCVE-0-2002-0667)

    Vulnerability from nvd – Published: 2002-07-15 04:00 – Updated: 2024-08-08 02:56
    VLAI
    Summary
    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:56:38.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "5214",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/5214"
              },
              {
                "name": "pingtel-xpressa-default-password(9562)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9562.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
              },
              {
                "name": "A071202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ATSTAKE",
                  "x_transferred"
                ],
                "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-10T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "5214",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/5214"
            },
            {
              "name": "pingtel-xpressa-default-password(9562)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9562.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
            },
            {
              "name": "A071202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_ATSTAKE"
              ],
              "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0667",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "5214",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/5214"
                },
                {
                  "name": "pingtel-xpressa-default-password(9562)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9562.php"
                },
                {
                  "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
                  "refsource": "CONFIRM",
                  "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
                },
                {
                  "name": "A071202-1",
                  "refsource": "ATSTAKE",
                  "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0667",
        "datePublished": "2002-07-15T04:00:00.000Z",
        "dateReserved": "2002-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:56:38.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }