CyberSec.Space Logo
CVEブラウザに戻る

CVE-2002-0670

HIGH
7.5
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile21.42th
Published2002年7月23日
Last Modified2026年4月16日

Vulnerability Description

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

Affected Platforms (CPE)

🔌
Pingtel

Xpressa

= 1.2.5
🔌
Pingtel

Xpressa

= 1.2.7.4

References & Advisories

🔗 http://www.atstake.com/research/advisories/2002/a071202-1.txt
🔗 http://www.iss.net/security_center/static/9565.php
🔗 http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
🔗 http://www.atstake.com/research/advisories/2002/a071202-1.txt
🔗 http://www.iss.net/security_center/static/9565.php
🔗 http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

関連する脆弱性情報

CVE-2002-066710.0

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow r...

CVE-2002-06719.8

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verif...

CVE-2002-06687.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the...

CVE-2002-06747.2

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which c...