CVE-2005-2182

HIGH7.5

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message

Published Jul 10, 2005

Modified 1 years ago

Details

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

References

WEB

http://marc.info/?l=bugtraq&m=112067698624686&w=2

WEB

http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt

WEB

http://www.securitytracker.com/alerts/2005/Jul/1014407.html

WEB

https://exchange.xforce.ibmcloud.com/vulnerabilities/21260

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2005-2182

CVSS Analysis