Vulnerability Details CVE-2005-2182
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=112067698624686&w=2
- http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt
- http://www.securitytracker.com/alerts/2005/Jul/1014407.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21260
- http://marc.info/?l=bugtraq&m=112067698624686&w=2
- http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt
- http://www.securitytracker.com/alerts/2005/Jul/1014407.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21260
Products affected by CVE-2005-2182
-
cpe:2.3:h:grandstream:bt-100:-
-
cpe:2.3:o:grandstream:bt-100_firmware:-