CVE-2007-5468
Summary
| CVE | CVE-2007-5468 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-16 00:17:00 UTC |
| Updated | 2017-07-29 01:33:00 UTC |
| Description | Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Call Manager | 5.1.1.3000 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [Full-Disclosure] Mailing List Charter | FULLDISC | lists.grok.org.uk | |
| Cisco CallManager Authentication Header Hijacking Security Issue - Advisories - Secunia | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| Cisco CallManager and Openser SIP Remote Unauthorized Access Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.