Vulnerability Details CVE-2002-0671
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.atstake.com/research/advisories/2002/a071202-1.txt
- http://www.iss.net/security_center/static/9566.php
- http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
- http://www.securityfocus.com/bid/5224
- http://www.atstake.com/research/advisories/2002/a071202-1.txt
- http://www.iss.net/security_center/static/9566.php
- http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
- http://www.securityfocus.com/bid/5224
Products affected by CVE-2002-0671
-
cpe:2.3:h:pingtel:xpressa:-
-
cpe:2.3:o:pingtel:xpressa_firmware:1.2.5
-
cpe:2.3:o:pingtel:xpressa_firmware:1.2.7.4