Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
Max CVSS
5.0
EPSS Score
0.23%
Published
2002-12-31
Updated
2008-09-05
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
Max CVSS
5.0
EPSS Score
0.13%
Published
2002-12-31
Updated
2008-09-05
2 vulnerabilities found