CVE-2007-6190

Published Nov 30, 2007

Last updated 14 years ago

Overview

Description: The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8231E975-3AA7-4B02-97EE-33397AFE70EB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References