Weekly Vulnerabilities Reports > July 11 to 17, 2005
Overview
3 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 4 products from 3 vendors including Cisco, Grandstream, and Capturix. Vulnerabilities are notably categorized as "Improper Verification of Cryptographic Signature", and "Cleartext Storage of Sensitive Information".
- 2 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
2 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-07-11 | CVE-2005-2182 | Grandstream | Improper Verification of Cryptographic Signature vulnerability in Grandstream Bt-100 Firmware Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
| 2005-07-11 | CVE-2005-2181 | Cisco | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
1 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2005-07-11 | CVE-2005-2209 | Capturix | Cleartext Storage of Sensitive Information vulnerability in Capturix Scanshare 1.06 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|