Details of VAR-200210-0183

ID

VAR-200210-0183

CVE

CVE-2002-0881

TITLE

Cisco VoIP Phone Default administrator password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-109

DESCRIPTION

Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. The 7900 series VoIP Phones are a Voice-Over-IP solution distributed by Cisco Systems. If you have the opportunity to physically visit the Cisco VoIP 7900 series, you can also use this combination key to change the configuration, such as changing the TFTP server address and other operation control systems

Trust: 1.26

sources: NVD: CVE-2002-0881 // BID: 4799 // VULHUB: VHN-5272

AFFECTED PRODUCTS

vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	voip phone cp-7940	scope:	eq	version:	3.0	Trust: 1.9
vendor:	cisco	model:	skinny client control protocol software	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	skinny client control protocol software	scope:	eq	version:	3.2	Trust: 1.0
vendor:	cisco	model:	skinny client control protocol software	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	3.2	Trust: 0.9
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	3.1	Trust: 0.9
vendor:	cisco	model:	voip phone cp-7960	scope:	eq	version:	3.0	Trust: 0.9
vendor:	cisco	model:	voip phone cp-7910	scope:	eq	version:	3.2	Trust: 0.9
vendor:	cisco	model:	voip phone cp-7910	scope:	eq	version:	3.1	Trust: 0.9
vendor:	cisco	model:	voip phone cp-7910	scope:	eq	version:	3.0	Trust: 0.9

sources: BID: 4799 // CNNVD: CNNVD-200210-109 // NVD: CVE-2002-0881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0881
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200210-109
value:	LOW
Trust: 0.6
VULHUB:	VHN-5272
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2002-0881
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5272
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5272 // CNNVD: CNNVD-200210-109 // NVD: CVE-2002-0881

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0881

THREAT TYPE

local

Trust: 0.9

sources: BID: 4799 // CNNVD: CNNVD-200210-109

TYPE

Design Error

Trust: 0.9

sources: BID: 4799 // CNNVD: CNNVD-200210-109

EXTERNAL IDS

db:	BID	id:	4799	Trust: 2.0
db:	NVD	id:	CVE-2002-0881	Trust: 2.0
db:	CNNVD	id:	CNNVD-200210-109	Trust: 0.7
db:	CISCO	id:	20020522 MULTIPLE VULNERABILITIES IN CISCO IP TELEPHONES	Trust: 0.6
db:	BUGTRAQ	id:	20020522 MULTIPLE VULNERABILITIES IN CISCO VOIP PHONES	Trust: 0.6
db:	XF	id:	9144	Trust: 0.6
db:	VULHUB	id:	VHN-5272	Trust: 0.1

sources: VULHUB: VHN-5272 // BID: 4799 // CNNVD: CNNVD-200210-109 // NVD: CVE-2002-0881

REFERENCES

url:	http://www.securityfocus.com/bid/4799	Trust: 2.7
url:	http://online.securityfocus.com/archive/1/273673	Trust: 2.7
url:	http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml	Trust: 2.7
url:	http://www.iss.net/security_center/static/9144.php	Trust: 2.7

sources: VULHUB: VHN-5272 // CNNVD: CNNVD-200210-109 // NVD: CVE-2002-0881

CREDITS

Johnathan Nightingale※ johnath@johnath.com

Trust: 0.6

sources: CNNVD: CNNVD-200210-109

SOURCES

db:	VULHUB	id:	VHN-5272
db:	BID	id:	4799
db:	CNNVD	id:	CNNVD-200210-109
db:	NVD	id:	CVE-2002-0881

LAST UPDATE DATE

2024-11-22T23:03:16.247000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5272	date:	2018-10-30T00:00:00
db:	BID	id:	4799	date:	2009-07-11T12:46:00
db:	CNNVD	id:	CNNVD-200210-109	date:	2009-04-03T00:00:00
db:	NVD	id:	CVE-2002-0881	date:	2024-11-20T23:40:05.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5272	date:	2002-10-04T00:00:00
db:	BID	id:	4799	date:	2002-05-22T00:00:00
db:	CNNVD	id:	CNNVD-200210-109	date:	2002-05-22T00:00:00
db:	NVD	id:	CVE-2002-0881	date:	2002-10-04T04:00:00