Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 3.5
CVE Id: CVE-2007-6190
Last Modified: 07 Mar 2011 10:02:07
Published: 29 Nov 2007 08:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2007-6190

Summary

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Vulnerable Systems


References

VUPEN - ADV-2007-4036

BID - 26668

MISC - http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf

CISCO - 20071128 Cisco Unified IP Phone Remote Eavesdropping

SECTRACK - 1019006

SECUNIA - 27829

OSVDB - 40874


Last Updated: 27 May 2016 10:46:24