CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-0670

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.iss.net/security_center/static/9565.php
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.iss.net/security_center/static/9565.php
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Products affected by CVE-2002-0670

Pingtel » Xpressa » Version: 1.2.5

cpe:2.3:h:pingtel:xpressa:1.2.5
Pingtel » Xpressa » Version: 1.2.7.4

cpe:2.3:h:pingtel:xpressa:1.2.7.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0670

Products

Pricing

Contact Us