CVE Vulnerability

CVE-2007-6190

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
http://securitytracker.com/id?1019006
http://www.securityfocus.com/bid/26668
http://secunia.com/advisories/27829 Vendor Advisory
http://osvdb.org/40874
http://www.vupen.com/english/advisories/2007/4036
Configurations

Configuration 1

cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*
Information

Published : 2007-11-30 01:46

Updated : 2011-03-08 03:02

NVD link : CVE-2007-6190

Mitre link : CVE-2007-6190

Products Affected
No products.
CWE
CWE-200