CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0674

HIGH
7.2
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile19.70th
PublishedJul 23, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.

Affected Platforms (CPE)

πŸ”Œ
Pingtel

Xpressa

= 1.2.5
πŸ”Œ
Pingtel

Xpressa

= 1.2.7.4

References & Advisories

πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.securityfocus.com/bid/5221
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/9569
πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.securityfocus.com/bid/5221
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/9569

Related Vulnerabilities

CVE-2002-066710.0

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow r...

CVE-2002-06719.8

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verif...

CVE-2002-06707.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwo...

CVE-2002-06687.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the...