Pingtel xpressa Web interface can be used to cause a denial of service

pingtel-xpressa-web-dos (9564) The risk level is classified as Medium Risk

Description:

Pingtel xpressa is vulnerable to a denial of service attack that can be caused by multiple vulnerabilities in the Web interface. A remote attacker with valid administrative or user authentication credentials could change various settings to cause a denial of service against the affected VoIP phone or Web interface.


Consequences:

Denial of Service

Remedy:

Refer to Pingtel @Stake Advisory Response 2002 July 11 for upgrade and workaround information. See References.

References:

  • @stake Inc. Security Advisory A071202-1: Multiple Vulnerabilities with Pingtel xpressa SIP Phones.
  • Pingtel Web site: Pingtel - Support - Documentation.
  • BID-5220: Pingtel Expressa Web Server Cross-Site Scripting Vulnerability
  • CVE-2002-0669: The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
  • OSVDB ID: 5138: Pingtel xpressa Incoming Call DoS

Platforms Affected:

  • Pingtel Pingtel xpressa PX-1 1.2.5 to 1.2.7.4

Reported:

Jul 12, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
