Lucene search

[email protected]CVE-2007-6190

HistoryNov 30, 2007 - 1:46 a.m.

CVE-2007-6190

2007-11-3001:46:00

CWE-200

[email protected]

web.nvd.nist.gov

cisco

unified ip phone

http daemon

eavesdropping

rtp

audio stream

cve-2007-6190

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Affected configurations

NVD

Node

ciscounified_ip_phone

CPENameOperatorVersion
cisco:unified_ip_phonecisco unified ip phoneeq*

CPE	Name	Operator	Version
cisco:unified_ip_phone	cisco unified ip phone	eq	*

References

osvdb.org/40874

secunia.com/advisories/27829

securitytracker.com/id?1019006

www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html

www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf

www.securityfocus.com/bid/26668

www.vupen.com/english/advisories/2007/4036

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2007-6190

nvd1 prion1 cvelist1 cisco1