Vulnerability Details : CVE-2001-1254
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
Exploit prediction scoring system (EPSS) score for CVE-2001-1254
Probability of exploitation activity in the next 30 days: 0.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-1254
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2001-1254
-
http://online.securityfocus.com/archive/1/217200
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/3373
Products affected by CVE-2001-1254
- cpe:2.3:a:com2001:alexis_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:com2001:alexis_server:2.1:*:*:*:*:*:*:*