CVE-2007-5361

2007-11-20T19:46:00
ID CVE-2007-5361
Type cve
Reporter cve@mitre.org
Modified 2018-10-15T21:44:00

Description

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.