CVE-2002-1935
Published Dec 31, 2002
Last updated 9 months ago
Overview
- Description
- Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5362ACDC-DA8B-4DA7-BEE3-C30083CD715D"
},
{
"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F08D9EF-49D8-44CC-B33D-4EF416E80F62"
},
{
"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BDFC05A-697B-4422-8E9E-A4A04F68ABCC"
},
{
"criteria": "cpe:2.3:h:pingtel:xpressa:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9637C232-D310-4303-9936-CECF52E78992"
},
{
"criteria": "cpe:2.3:h:pingtel:xpressa:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FACC7001-AB2F-4BDE-ADC5-F4E0FED70382"
}
],
"operator": "OR"
}
]
}
]