CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0671

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile17.16th
PublishedJul 23, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

Affected Platforms (CPE)

πŸ’»
Pingtel

Xpressa Firmware

= 1.2.5
πŸ’»
Pingtel

Xpressa Firmware

= 1.2.7.4

References & Advisories

πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.iss.net/security_center/static/9566.php
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.securityfocus.com/bid/5224
πŸ”— http://www.atstake.com/research/advisories/2002/a071202-1.txt
πŸ”— http://www.iss.net/security_center/static/9566.php
πŸ”— http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
πŸ”— http://www.securityfocus.com/bid/5224

Related Vulnerabilities

CVE-2004-16805.0

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of s...

CVE-2002-06754.6

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmwa...

CVE-2002-074710.0

Buffer overflow in lsmcode in AIX 4.3.3.

CVE-2002-135910.0

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause ...