Lucene search

MitreCVE-2007-5468

HistoryOct 16, 2007 - 12:17 a.m.

CVE-2007-5468

2007-10-1600:17:00

CWE-264

mitre

web.nvd.nist.gov

cisco

callmanager

sip

authentication

uri

cve-2007-5468

toll fraud

caller id spoofing

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka “toll fraud and authentication forward attack”).

Affected configurations

Nvd

Node

ciscocall_managerMatch5.1.1.3000

VendorProductVersionCPE
ciscocall_manager5.1.1.3000cpe:2.3:h:cisco:call_manager:5.1.1.3000:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	call_manager	5.1.1.3000	cpe:2.3:h:cisco:call_manager:5.1.1.3000:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

secunia.com/advisories/27231

www.securityfocus.com/bid/26057

www.vupen.com/english/advisories/2007/3534

exchange.xforce.ibmcloud.com/vulnerabilities/37197

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Related for CVE-2007-5468