Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-5468
Last Modified 07 Mar 2011 10:00:45
Published 15 Oct 2007 08:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5468

Summary

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

Vulnerable Systems


References

VUPEN - ADV-2007-3534

BID - 26057

FULLDISC - 20071015 CallManager and OpeSer toll fraud and authentication forward attack

FULLDISC - 20071012 CallManager and OpeSer toll fraud and authentication forward attack

XF - callmanager-openser-sip-call-hijacking(37197)

SECUNIA - 27231


Last Updated: 27 May 2016 10:46:10