Executive Summary

Informations
NameCVE-2002-0671First vendor Publication2002-07-23
VendorCveLast vendor Modification2008-09-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides user account access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0671

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-184Software Integrity Attacks
CAPEC-185Malicious Software Download
CAPEC-186Malicious Software Update
CAPEC-187Malicious Automated Software Update

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware2

Open Source Vulnerability Database (OSVDB)

idDescription
5139Pingtel xpressa Arbitrary Application Installation

Sources (Detail)

SourceUrl
ATSTAKE http://www.atstake.com/research/advisories/2002/a071202-1.txt
BID http://www.securityfocus.com/bid/5224
CONFIRM http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
XF http://www.iss.net/security_center/static/9566.php

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-11 12:10:09
  • Multiple Updates