Lucene search

MitreCVE-2007-0528

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0528

2007-01-2601:28:00

mitre

web.nvd.nist.gov

cve-2007-0528

centrality communications

aredfox

pa168 chipset

firmware

ip phones

authentication

remote access

sensitive information

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.024

Percentile

89.9%

JSON

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

Affected configurations

Nvd

Node

centrality_communicationspa168_chipsetRange≤firmware_1.54

VendorProductVersionCPE
centrality_communicationspa168_chipset*cpe:2.3:h:centrality_communications:pa168_chipset:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
centrality_communications	pa168_chipset	*	cpe:2.3:h:centrality_communications:pa168_chipset::::::::

References

osvdb.org/32966

secunia.com/advisories/23919

secunia.com/advisories/23936

www.procheckup.com/Vulner_PR0614.php

www.securityfocus.com/archive/1/457868/100/0/threaded

www.vupen.com/english/advisories/2007/0346

www.exploit-db.com/exploits/3189

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.024

Percentile

89.9%

JSON

Related for CVE-2007-0528