CVE-2007-5361

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.
Configurations

Configuration 1

cpe:2.3:a:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*

Information

Published : 2007-11-20 07:46

Updated : 2018-10-15 09:44


NVD link : CVE-2007-5361

Mitre link : CVE-2007-5361

Products Affected
No products.