Pingtel xpressa VoIP phones contain a flaw that may allow a malicious user to perform a firmware upgrade. The issue is due to the use of a default, resettable administrator password and/or weak remote authentication for administrative users. It is possible that the flaw may allow a malicious user to gain control of an xpressa phone at the software or firmware level, resulting in a loss of integrity.

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well. Upgrade to version 2.0.1 or higher, as it has been reported to resolve several related authentication issues. Pingtel has released a document which outlines best practices relating to the deployment of Pingtel phones. See references for further informatiion.

• Security Tracker: 1004760
• CVE ID: 2002-0675 (see also: NVD)
• Related OSVDB ID: 5138 5139 5140 5141 5142 5143 5144 5145 5147 5148 5149
• Bugtraq ID: 5223
• ISS X-Force ID: 9570
• Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0019.html
• Other Advisory URL: http://www.atstake.com/research/advisories/2002/a071202-1.txt
• Vendor URL: http://www.pingtel.com/
• Generic Informational URL: http://www.pingtel.com/docs/best_practices_20x.txt
  http://www.pingtel.com/s_docadmin.jsp
• Vendor Specific Solution URL: http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
• Keyword: SIP-based,voice-over-IP,telephone

• Ofir Arkin - ofiratstake.com - @stake, Inc.
• Josh Anderson - joshatstake.com - @Stake, Inc.