CVE Vulnerabilities

CVE-2002-1935

Published: Dec 31, 2002 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) To and From SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.

Affected Software

Name Vendor Start Version End Version
Xpressa Pingtel 2.0 2.0
Xpressa Pingtel 1.2.8 1.2.8
Xpressa Pingtel 1.2.7.4 1.2.7.4
Xpressa Pingtel 1.2.5 1.2.5
Xpressa Pingtel 2.0.1 2.0.1

References