CVE-2001-1425

critical

Description

The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6354

http://www.securityfocus.com/bid/2568

http://www.securityfocus.com/archive/1/175229

http://www.kb.cert.org/vuls/id/243592

http://www.cert.org/advisories/CA-2001-08.html

http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html

Details

Source: Mitre, NVD

Published: 2001-04-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04163