CVE-2002-0671

Name of the Vulnerable Software and Affected Versions Pingtel xpressa SIP-based voice-over-IP phone versions 1.2.5 through 1.2.7.4

Description The issue allows remote attackers to install Trojan horse applications via DNS spoofing because the phone downloads applications from a web site but cannot verify their integrity.

Recommendations For versions 1.2.5 through 1.2.7.4, as a temporary workaround, consider restricting access to the phone's application download feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.