Cisco CallManager and Openser SIP Remote Unauthorized Access Vulnerability
BID:26057
Info
| Bugtraq ID: | 26057 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-5468, CVE-2007-5469 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 12 2007 12:00AM |
| Updated: | Oct 26 2007 08:16PM |
| Credit: | Humberto J. Abdelnur, Radu State and Olivier Festor are credited with the discovery of this vulnerability. |
| Vulnerable: | OpenSER OpenSER 1.2.2; Cisco Unified Communications Manager 5.1(1); Cisco Unified CallManager 5.1; Cisco Call Manager 5.1 |
| Not Vulnerable: | |
Discussion
CallManager and OpenSER are prone to a remote unauthorized-access vulnerability that may lead to toll fraud and caller-ID spoofing.
A remote attacker can exploit this issue to initiate unauthorized phone calls and pretend to be a legitimate user.
Exploit / POC
The researchers who discovered this vulnerability report that proof-of-concept code is available upon request. Please see the references for more information.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- CallManager and OpeSer toll fraud and authentication forward attack (Radu State ([email protected]))
- CallManager Product Homepage (Cisco Systems)
- OpenSER SIP Server Homepage (OpenSER)