Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6190


Vulnerability Score 3.5 3.5
CVE Id CVE-2007-6190
Last Modified 07 Mar 2011 10:02:07
Published 29 Nov 2007 08:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Vulnerable Systems


VUPEN - ADV-2007-4036

BID - 26668


CISCO - 20071128 Cisco Unified IP Phone Remote Eavesdropping

SECTRACK - 1019006

SECUNIA - 27829

OSVDB - 40874

Last Updated: 27 May 2016 10:46:24