Vulnerability Details : CVE-2002-0671
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
Exploit prediction scoring system (EPSS) score for CVE-2002-0671
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-0671
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2002-0671
-
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-0671
-
http://www.iss.net/security_center/static/9566.php
Broken Link
-
http://www.securityfocus.com/bid/5224
Broken Link;Third Party Advisory;VDB Entry
-
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Broken Link;Vendor Advisory
-
http://www.atstake.com/research/advisories/2002/a071202-1.txt
Broken Link
Products affected by CVE-2002-0671
- cpe:2.3:o:pingtel:xpressa_firmware:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:pingtel:xpressa_firmware:1.2.7.4:*:*:*:*:*:*:*