CVE DATABASE / CVE-2002-0671
CVE-2002-0671
CVSS 9.8 · CRITICAL
Summary
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Pingtel xpressa firmwarePingtel xpressa
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.atstake.com/research/advisories/2002/a071202-1.txt
- http://www.iss.net/security_center/static/9566.php
- http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
- http://www.securityfocus.com/bid/5224
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.