Lucene search

[email protected]CVE-2007-3319

HistoryJun 21, 2007 - 6:30 p.m.

CVE-2007-3319

2007-06-2118:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

avaya

4602sw

ip phone

sip firmware

man-in-the-middle attacks

cve-2007-3319

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

CPENameOperatorVersion
avaya:4602sw_ip_phoneavaya 4602sw ip phoneeqr2.2

CPE	Name	Operator	Version
avaya:4602sw_ip_phone	avaya 4602sw ip phone	eq	r2.2

References

osvdb.org/38115

secunia.com/advisories/25747

support.avaya.com/elmodocs2/security/ASA-2007-263.htm

www.securityfocus.com/bid/24539

www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&

exchange.xforce.ibmcloud.com/vulnerabilities/34972

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2007-3319

prion1 cvelist1