cvelistv5 - cve-2007-6190

CVE-2007-6190 (GCVE-0-2007-6190)

Vulnerability from cvelistv5 – Published: 2007-11-30 01:00 – Updated: 2024-08-07 15:54

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/26668	vdb-entryx_refsource_BID
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1019006	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/27829	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/40874	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/4036	vdb-entryx_refsource_VUPEN
	http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26668",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26668"
          },
          {
            "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
          },
          {
            "name": "1019006",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019006"
          },
          {
            "name": "27829",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27829"
          },
          {
            "name": "40874",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/40874"
          },
          {
            "name": "ADV-2007-4036",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4036"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-06T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26668",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26668"
        },
        {
          "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
        },
        {
          "name": "1019006",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019006"
        },
        {
          "name": "27829",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27829"
        },
        {
          "name": "40874",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/40874"
        },
        {
          "name": "ADV-2007-4036",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4036"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26668",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26668"
            },
            {
              "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
            },
            {
              "name": "1019006",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019006"
            },
            {
              "name": "27829",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27829"
            },
            {
              "name": "40874",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/40874"
            },
            {
              "name": "ADV-2007-4036",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4036"
            },
            {
              "name": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf",
              "refsource": "MISC",
              "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6190",
    "datePublished": "2007-11-30T01:00:00",
    "dateReserved": "2007-11-29T00:00:00",
    "dateUpdated": "2024-08-07T15:54:27.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8231E975-3AA7-4B02-97EE-33397AFE70EB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.\"}, {\"lang\": \"es\", \"value\": \"El demonio HTTP en el tel\\u00e9fono Cisco Unified IPD Phone, cuando la funcionalidad de Movilidad de Extensi\\u00f3n (Extension Mobility) est\\u00e1 habilitada, permite a usuarios autenticados remotamente de otros tel\\u00e9fonos asociados con el mismo servidor CUCM escuchar el entorno f\\u00edsico sin ser detectados mediante un mensaje CiscoIPPhoneExecute que contenga un atributo URL de un elemento ExecuteItem que especifica un flujo de audio en el protocolo RTP (Real-Time Transport Protocol).\"}]",
      "id": "CVE-2007-6190",
      "lastModified": "2024-11-21T00:39:34.100",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:N/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-11-30T01:46:00.000",
      "references": "[{\"url\": \"http://osvdb.org/40874\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27829\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1019006\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26668\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4036\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/40874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27829\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1019006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26668\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6190\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-30T01:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.\"},{\"lang\":\"es\",\"value\":\"El demonio HTTP en el tel\u00e9fono Cisco Unified IPD Phone, cuando la funcionalidad de Movilidad de Extensi\u00f3n (Extension Mobility) est\u00e1 habilitada, permite a usuarios autenticados remotamente de otros tel\u00e9fonos asociados con el mismo servidor CUCM escuchar el entorno f\u00edsico sin ser detectados mediante un mensaje CiscoIPPhoneExecute que contenga un atributo URL de un elemento ExecuteItem que especifica un flujo de audio en el protocolo RTP (Real-Time Transport Protocol).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:N/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8231E975-3AA7-4B02-97EE-33397AFE70EB\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/40874\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27829\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019006\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26668\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4036\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/40874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200711-0089

Vulnerability from variot - Updated: 2023-12-18 13:25

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. Cisco Unified IP Phone is prone to a vulnerability that allows eavesdropping. An attacker can exploit this issue to transmit or receive audio stream data to an unsuspecting victim. Successfully exploiting this issue will allow the attacker to access sensitive information. If the attack is successful, the IP phone will turn on the microphone status light, and the phone will display an off-hook icon to indicate that a call is in progress.

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

TITLE: Cisco Unified IP Phone Extension Mobility Weakness

SECUNIA ADVISORY ID: SA27829

VERIFY ADVISORY: http://secunia.com/advisories/27829/

CRITICAL: Not critical

IMPACT: Security Bypass

WHERE:

From local network

OPERATING SYSTEM: Cisco IP Phone 7900 Series http://secunia.com/product/2809/

DESCRIPTION: Joffrey Czarney has reported a weakness in Cisco Unified IP Phones, which can be exploited by malicious people to bypass certain security restrictions.

The problem is that the Extension Mobility authentication credentials are not encrypted when communicating with the internal web server of an IP phone. This can be exploited to sniff the authentication credentials and perform various actions on a target IP phone (e.g. remotely login/logout a user or eavesdrop on calls).

Successful exploitation requires that the Extension Mobility feature is enabled (not enabled by default).

The weakness affects all Cisco IP Phones that support the Extension Mobility feature.

SOLUTION: The vendor has provided some workaround to mitigate this issue. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY: Joffrey Czarney, Telindus

ORIGINAL ADVISORY: Cisco (100252): http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0089",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified ip phone",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8.2(1)"
      },
      {
        "model": "unified ip phone 8.0 sr2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 8.0 sr1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 7971g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 7970g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 7961g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 7941g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 7911g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 7906g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joffrey Czarney Joffrey.czarny@telindus.fr",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6190",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-6190",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-29552",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-6190",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200711-421",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-29552",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. Cisco Unified IP Phone is prone to a vulnerability that allows eavesdropping. \nAn attacker can exploit this issue to transmit or receive audio stream data to an unsuspecting victim. \nSuccessfully exploiting this issue will allow the attacker to access sensitive information. If the attack is successful, the IP phone will turn on the microphone status light, and the phone will display an off-hook icon to indicate that a call is in progress. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Unified IP Phone Extension Mobility Weakness\n\nSECUNIA ADVISORY ID:\nSA27829\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27829/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco IP Phone 7900 Series\nhttp://secunia.com/product/2809/\n\nDESCRIPTION:\nJoffrey Czarney has reported a weakness in Cisco Unified IP Phones,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions. \n\nThe problem is that the Extension Mobility authentication credentials\nare not encrypted when communicating with the internal web server of\nan IP phone. This can be exploited to sniff the authentication\ncredentials and perform various actions on a target IP phone (e.g. \nremotely login/logout a user or eavesdrop on calls). \n\nSuccessful exploitation requires that the Extension Mobility feature\nis enabled (not enabled by default). \n\nThe weakness affects all Cisco IP Phones that support the Extension\nMobility feature. \n\nSOLUTION:\nThe vendor has provided some workaround to mitigate this issue. \nPlease see the vendor\u0027s advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nJoffrey Czarney, Telindus\n\nORIGINAL ADVISORY:\nCisco (100252):\nhttp://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "BID",
        "id": "26668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "db": "PACKETSTORM",
        "id": "61357"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-6190",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26668",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27829",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1019006",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4036",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "40874",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20071128 CISCO UNIFIED IP PHONE REMOTE EAVESDROPPING",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-29552",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61357",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "db": "BID",
        "id": "26668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61357"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "id": "VAR-200711-0089",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:25:38.621000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Document ID: 599",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csr/cisco-sr-20071128-phone.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080903a6d.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26668"
      },
      {
        "trust": 1.7,
        "url": "http://www.hack.lu/pres/hacklu07_remote_wiretapping.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/40874"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1019006"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27829"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/4036"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6190"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6190"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4036"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/hw/phones/ps379/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071128-phone.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27829/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2809/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "db": "BID",
        "id": "26668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61357"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "db": "BID",
        "id": "26668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "db": "PACKETSTORM",
        "id": "61357"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "date": "2007-12-01T00:00:00",
        "db": "BID",
        "id": "26668"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "date": "2007-11-30T05:36:59",
        "db": "PACKETSTORM",
        "id": "61357"
      },
      {
        "date": "2007-11-30T01:46:00",
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "date": "2007-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29552"
      },
      {
        "date": "2007-12-05T16:42:00",
        "db": "BID",
        "id": "26668"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      },
      {
        "date": "2011-03-08T03:02:07.657000",
        "db": "NVD",
        "id": "CVE-2007-6190"
      },
      {
        "date": "2007-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified IP Phone of  HTTP Eavesdropping vulnerability in daemon",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002939"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-421"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2007-6190

Vulnerability from fkie_nvd - Published: 2007-11-30 01:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/40874
cve@mitre.org	http://secunia.com/advisories/27829	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1019006
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
cve@mitre.org	http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
cve@mitre.org	http://www.securityfocus.com/bid/26668
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4036
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/40874
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27829	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019006
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
af854a3a-2127-422b-91ae-364da2661108	http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26668
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4036

Impacted products

	Vendor	Product	Version
	cisco	unified_ip_phone	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8231E975-3AA7-4B02-97EE-33397AFE70EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
    },
    {
      "lang": "es",
      "value": "El demonio HTTP en el tel\u00e9fono Cisco Unified IPD Phone, cuando la funcionalidad de Movilidad de Extensi\u00f3n (Extension Mobility) est\u00e1 habilitada, permite a usuarios autenticados remotamente de otros tel\u00e9fonos asociados con el mismo servidor CUCM escuchar el entorno f\u00edsico sin ser detectados mediante un mensaje CiscoIPPhoneExecute que contenga un atributo URL de un elemento ExecuteItem que especifica un flujo de audio en el protocolo RTP (Real-Time Transport Protocol)."
    }
  ],
  "id": "CVE-2007-6190",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-30T01:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/40874"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27829"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019006"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26668"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/40874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4036"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JHJM-HXHV-H29W

Vulnerability from github – Published: 2022-05-01 18:40 – Updated: 2022-05-01 18:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-30T01:46:00Z",
    "severity": "LOW"
  },
  "details": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.",
  "id": "GHSA-jhjm-hxhv-h29w",
  "modified": "2022-05-01T18:40:21Z",
  "published": "2022-05-01T18:40:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6190"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/40874"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27829"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019006"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
    },
    {
      "type": "WEB",
      "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26668"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-6190

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6190

Aliases

CVE-2007-6190

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6190",
    "description": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.",
    "id": "GSD-2007-6190"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6190"
      ],
      "details": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.",
      "id": "GSD-2007-6190",
      "modified": "2023-12-13T01:21:38.908175Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26668",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26668"
          },
          {
            "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
          },
          {
            "name": "1019006",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019006"
          },
          {
            "name": "27829",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27829"
          },
          {
            "name": "40874",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/40874"
          },
          {
            "name": "ADV-2007-4036",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4036"
          },
          {
            "name": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf",
            "refsource": "MISC",
            "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
            },
            {
              "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
            },
            {
              "name": "1019006",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019006"
            },
            {
              "name": "26668",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26668"
            },
            {
              "name": "27829",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27829"
            },
            {
              "name": "40874",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/40874"
            },
            {
              "name": "ADV-2007-4036",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4036"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T03:02Z",
      "publishedDate": "2007-11-30T01:46Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6190 (GCVE-0-2007-6190)

VAR-200711-0089

FKIE_CVE-2007-6190

GHSA-JHJM-HXHV-H29W

GSD-2007-6190

Tags

Sightings

Nomenclature