CVE-2007-6190
Summary
| CVE | CVE-2007-6190 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-11-30 01:46:00 UTC |
| Updated | 2011-03-08 03:02:00 UTC |
| Description | The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Unified Ip Phone | All | All | All | All |
| Hardware | Cisco | Unified Ip Phone | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404 Not Found | MISC | www.hack.lu | |
| SecurityTracker.com Archives - Cisco Unified IP Phone Extension Mobility Feature Lets Remote Authenticated Users Eavesdrop | SECTRACK | securitytracker.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Cisco Unified IP Phone RTP Audio Stream Eavesdropping Vulnerability | BID | www.securityfocus.com | |
| Cisco Unified IP Phone Extension Mobility Weakness - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| 40874 | OSVDB | osvdb.org | |
| Cisco Unified IP Phone Remote Eavesdropping [Products & Services] - Cisco Systems | CISCO | www.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.