EUVD-2007-3310

Malware in sbrugna...

EUVD-2007-3309

Malware in sbrugna...

Code injection

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact...

Authorization

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...

CVE-2007-3320

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact...

CVE-2007-3319

The CVE-2007-3319 entry concerns the Avaya 4602SW IP Phone (Model 4602D02A) with SIP firmware 2.2.2 and earlier, which does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication. This omission allows remote attackers to perform man-in-the-middle...

CVE-2007-3319

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...

CVE-2007-3320

Summary: CVE-2007-3320 affects the Avaya 4602SW IP Phone (Model 4602D02A) with SIP firmware 2.2.2 and earlier. The device accepts SIP INVITE requests from arbitrary source IP addresses, enabling remote attackers to cause an unspecified impact. The root cause is lack of source-IP filtering for INV...