Vulnerability Details : CVE-2002-0628
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.
Products affected by CVE-2002-0628
- cpe:2.3:h:polycom:viewstation_128:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_128:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_512:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_512:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_dcp:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_dcp:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_fx_vs4000:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_h.323:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_h.323:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_mp:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_mp:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_sp_384:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_sp_384:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_v.35:7.2:*:*:*:*:*:*:*
- cpe:2.3:h:polycom:viewstation_v.35:6.5.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0628
0.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | 2024-02-09 |
CWE ids for CVE-2002-0628
-
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-0628
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44241
Polycom ViewStation Telnet server information disclosure CVE-2002-0628 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.iss.net/security_center/static/9349.php
Broken Link;Vendor Advisory
-
http://www.securityfocus.com/bid/5635
Broken Link;Third Party Advisory;VDB Entry;Vendor Advisory
-
http://www.ciac.org/ciac/bulletins/m-123.shtml
Broken Link;Patch;Vendor Advisory
-
http://www.polycom.com/common/pw_item_show_doc/0%2C%2C1444%2C00.pdf
Poly | Video Conferencing, Conference Phones & Headsets | Poly, formerly Plantronics & PolycomProduct
-
http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
-
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Broken Link
Jump to