Description
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
References
- Mailing List
- Broken Link, Vendor Advisory
- Broken Link, Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
Together
cpe:2.3:o:grandstream:bt-100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:bt-100:-:*:*:*:*:*:*:*
EPSS
Percentile: 60%
0.0039
Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-347
Related vulnerabilities
CVSS3: 7.5
github
almost 4 years ago
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.