Lucene search

[email protected]NVD:CVE-2007-5468

HistoryOct 16, 2007 - 12:17 a.m.

CVE-2007-5468

2007-10-1600:17:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka “toll fraud and authentication forward attack”).

Affected configurations

Nvd

Node

ciscocall_managerMatch5.1.1.3000

VendorProductVersionCPE
ciscocall_manager5.1.1.3000cpe:2.3:h:cisco:call_manager:5.1.1.3000:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	call_manager	5.1.1.3000	cpe:2.3:h:cisco:call_manager:5.1.1.3000:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

secunia.com/advisories/27231

www.securityfocus.com/bid/26057

www.vupen.com/english/advisories/2007/3534

exchange.xforce.ibmcloud.com/vulnerabilities/37197

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Related for NVD:CVE-2007-5468

prion1 cvelist1 cve1