CVE: CVE-2002-0628

Export to Word

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.01421
Percentile: 0.79704

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-307 : Improper Restriction of Excessive Authentication Attempts

All CAPEC(s)

CAPEC-16: Dictionary-based Password Attack
CAPEC-49: Password Brute Forcing
CAPEC-560: Use of Known Domain Credentials
CAPEC-565: Password Spraying
CAPEC-600: Credential Stuffing
CAPEC-652: Use of Known Kerberos Credentials
CAPEC-653: Use of Known Operating System Credentials

CAPEC(s) with Mapped TTPs

CAPEC-49: Password Brute Forcing
Mapped TTPs:
- T1110.001 : Password Guessing
CAPEC-560: Use of Known Domain Credentials
Mapped TTPs:
- T1078 : Valid Accounts
CAPEC-565: Password Spraying
Mapped TTPs:
- T1110.003 : Password Spraying
CAPEC-600: Credential Stuffing
Mapped TTPs:
- T1110.004 : Credential Stuffing
CAPEC-652: Use of Known Kerberos Credentials
Mapped TTPs:
- T1558 : Steal or Forge Kerberos Tickets

Mapped ATT&CK TTPs

T1110.001 : Password Guessing
Kill Chain: credential-access
T1078 : Valid Accounts
Kill Chain: defense-evasion
T1110.003 : Password Spraying
Kill Chain: credential-access
T1110.004 : Credential Stuffing
Kill Chain: credential-access
T1558 : Steal or Forge Kerberos Tickets
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
SolarWinds Compromise
2015 Ukraine Electric Power Attack
APT28 Nearest Neighbor Campaign
Night Dragon
Leviathan Australian Intrusions
Operation MidnightEclipse
C0032
HomeLand Justice

Affected Products

cpe:2.3:h:polycom:viewstation_128:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_128:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_512:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_512:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_dcp:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_dcp:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_fx_vs4000:4.1.5:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_h.323:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_h.323:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_mp:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_mp:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_sp_384:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_sp_384:7.2:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_v.35:6.5.1:*:*:*:*:*:*:*
cpe:2.3:h:polycom:viewstation_v.35:7.2:*:*:*:*:*:*:*

← Back to Home