Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0374

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0374
Last Modified 05 Sep 2008 04:59:05
Published 22 Jan 2006 03:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0374

Summary

Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).

Vulnerable Systems


References

XF - act-p202s-default-port(24149)

BID - 16288

SECUNIA - 18514

FULLDISC - 20060116 ACT P202S VoIP wireless phone multiple undocumented ports/services


Last Updated: 27 May 2016 10:41:38