1.2.7.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

pingtel

NVD

Published: 2003-02-19

Updated: 2008-09-05

Summary

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.

Vulnerable Configurations

Part	Description	Count
Hardware	Pingtel Pingtel Xpressa 1.2.5 Pingtel Xpressa 1.2.7.4	2

References

http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.iss.net/security_center/static/9564.php