VAR-200409-0091
Vulnerability from variot - Updated: 2022-05-17 02:12
The Pingtel series are SIP products; one of them is the Xpressa SIP desktop phone.
The HTTP management interface of the Pingtel Xpressa phone has a flaw. A remote attacker could use it to mount a denial-of-service attack against the device and crash its VxWorks operating system.
Pingtel Xpressa phones can be managed through several interfaces (console, Telnet, and HTTP). The embedded HTTP service does not properly handle over-long requests; a request similar to the following:
GET /<buffer>/cgi/application.cgi HTTP/1.0
Authorization: Basic [base64authstring]
in which the buffer exceeds 260 characters can cause the VxWorks operating system to crash.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200409-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-2495"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Pingtel series are SIP products, one of which is the Xpressa SIP desktop phone. \n\n\u00a0There is a problem with the HTTP management interface of the Pingtel Xpressa phone. A remote attacker could use this vulnerability to conduct a denial-of-service attack on the device and crash the VxWorks operating system. \n\n\u00a0Pingtel Xpressa phones can be managed through various interfaces (console, Telnet, and HTTP). The embedded HTTP service does not properly handle submission requests, and submits long requests similar to the following:\n\n\u00a0GET /\u003cbuffer\u003e/cgi/application.cgi HTTP/1.0\n\n\u00a0Authorization: Basic [base64authstring]\n\n\u00a0The buffer here exceeds 260 characters, which can cause the VxWorks system to crash.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-2495"
},
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-2495",
"trust": 1.0
},
{
"db": "IVD",
"id": "7D7E1650-463F-11E9-94C9-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "DF4D9C3E-202C-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-2495"
}
]
},
"id": "VAR-200409-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-2495"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-2495"
}
]
},
"last_update_date": "2022-05-17T02:12:09.697000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-2495"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-13T00:00:00",
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"date": "2004-09-13T00:00:00",
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
},
{
"date": "2004-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-2495"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-2495"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pingtel Xpressa Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
},
{
"db": "IVD",
"id": "df4d9c3e-202c-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2004-2495"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7e1650-463f-11e9-94c9-000c29342cb1"
}
],
"trust": 0.2
}
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.