Lucene search

[email protected]CVE-2007-5468

HistoryOct 16, 2007 - 12:17 a.m.

CVE-2007-5468

2007-10-1600:17:00

CWE-264

[email protected]

web.nvd.nist.gov

cisco

callmanager

sip

authentication

uri

cve-2007-5468

toll fraud

caller id spoofing

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka “toll fraud and authentication forward attack”).

Affected configurations

NVD

Node

ciscocall_managerMatch5.1.1.3000

CPENameOperatorVersion
cisco:call_managercisco call managereq5.1.1.3000

CPE	Name	Operator	Version
cisco:call_manager	cisco call manager	eq	5.1.1.3000

References

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

secunia.com/advisories/27231

www.securityfocus.com/bid/26057

www.vupen.com/english/advisories/2007/3534

exchange.xforce.ibmcloud.com/vulnerabilities/37197

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2007-5468

nvd1 prion1 cvelist1