CVE-2002-0668 - Vulnerability Details - OpenCVE

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0049.

Key SSVC decision points have not yet been added.

Vendors	Products
Pingtel	Xpressa

Configuration 1 [-]

OR	cpe:2.3:h:pingtel:xpressa:1.2.5:::::::*
	cpe:2.3:h:pingtel:xpressa:1.2.7.4:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2002-0662	The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.osvdb.org/5144
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/9563

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T02:56:38.214Z

Reserved: 2002-07-09T00:00:00

Link: CVE-2002-0668

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-07-23T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-0668

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-08-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"}, {"name": "A071202-1", "tags": ["vendor-advisory", "x_refsource_ATSTAKE"], "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"}, {"name": "5144", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/5144"}, {"name": "pingtel-xpressa-call-hijacking(9563)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0668", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", "refsource": "CONFIRM", "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"}, {"name": "A071202-1", "refsource": "ATSTAKE", "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"}, {"name": "5144", "refsource": "OSVDB", "url": "http://www.osvdb.org/5144"}, {"name": "pingtel-xpressa-call-hijacking(9563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:56:38.214Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"}, {"name": "A071202-1", "tags": ["vendor-advisory", "x_refsource_ATSTAKE", "x_transferred"], "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"}, {"name": "5144", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/5144"}, {"name": "pingtel-xpressa-call-hijacking(9563)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0668", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-07-09T00:00:00", "dateUpdated": "2024-08-08T02:56:38.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "5362ACDC-DA8B-4DA7-BEE3-C30083CD715D", "vulnerable": true}, {"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "5F08D9EF-49D8-44CC-B33D-4EF416E80F62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."}, {"lang": "es", "value": "El interfaz web de la telefon\u00eda basada en voz sobre IP dePingtel xpressa SIP desde la versi\u00f3n 1.2.5 hasta la 1.2.7.4, permite a usuarios autentificados la modificaci\u00f3n de los valores del establecimiento de llamada (Call Forwarding settings) y la intercepci\u00f3n de llamadas."}], "id": "CVE-2002-0668", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-07-23T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/5144"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}