Pingtel
Products
5- 12 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0671 | Cri | 0.64 | 9.8 | 0.01 | Jul 23, 2002 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. | ||
| CVE-2023-39930 | 0.00 | — | 0.01 | Oct 24, 2023 | A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | |||
| CVE-2022-40722 | 0.00 | — | 0.00 | Apr 25, 2023 | A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | |||
| CVE-2022-40723 | 0.00 | — | 0.01 | Apr 25, 2023 | The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | |||
| CVE-2004-1680 | 0.00 | — | 0.02 | Sep 13, 2004 | application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow. | |||
| CVE-2002-0669 | 0.00 | — | 0.01 | Feb 19, 2003 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an… | |||
| CVE-2002-1934 | 0.00 | — | 0.01 | Dec 31, 2002 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information. | |||
| CVE-2002-1935 | 0.00 | — | 0.01 | Dec 31, 2002 | Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar. | |||
| CVE-2002-0675 | 0.00 | — | 0.00 | Jul 23, 2002 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone. | |||
| CVE-2002-0670 | 0.00 | — | 0.02 | Jul 23, 2002 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing. | |||
| CVE-2002-0672 | 0.00 | — | 0.00 | Jul 23, 2002 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null. | |||
| CVE-2002-0668 | 0.00 | — | 0.01 | Jul 23, 2002 | The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | |||
| CVE-2002-0667 | 0.00 | — | 0.03 | Jul 23, 2002 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. | |||
| CVE-2002-0674 | 0.00 | — | 0.00 | Jul 23, 2002 | Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | |||
| CVE-2002-0673 | 0.00 | — | 0.00 | Jul 23, 2002 | The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. |
- risk 0.64cvss 9.8epss 0.01
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
- CVE-2023-39930Oct 24, 2023risk 0.00cvss —epss 0.01
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
- CVE-2022-40722Apr 25, 2023risk 0.00cvss —epss 0.00
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
- CVE-2022-40723Apr 25, 2023risk 0.00cvss —epss 0.01
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
- CVE-2004-1680Sep 13, 2004risk 0.00cvss —epss 0.02
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
- CVE-2002-0669Feb 19, 2003risk 0.00cvss —epss 0.01
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an…
- CVE-2002-1934Dec 31, 2002risk 0.00cvss —epss 0.01
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
- CVE-2002-1935Dec 31, 2002risk 0.00cvss —epss 0.01
Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
- CVE-2002-0675Jul 23, 2002risk 0.00cvss —epss 0.00
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
- CVE-2002-0670Jul 23, 2002risk 0.00cvss —epss 0.02
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing.
- CVE-2002-0672Jul 23, 2002risk 0.00cvss —epss 0.00
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
- CVE-2002-0668Jul 23, 2002risk 0.00cvss —epss 0.01
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
- CVE-2002-0667Jul 23, 2002risk 0.00cvss —epss 0.03
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
- CVE-2002-0674Jul 23, 2002risk 0.00cvss —epss 0.00
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
- CVE-2002-0673Jul 23, 2002risk 0.00cvss —epss 0.00
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.