Toll Fraud Vulnerability in Cisco CallManager Products
CVE-2007-5468

Currently unrated

Key Information:

Vendor
Cisco
CVE Published:
16 October 2007

Summary

Cisco CallManager is susceptible to an authentication forward attack because it does not properly verify the Digest authentication header URI against the Request URI in Session Initiation Protocol (SIP) messages. Remote attackers can reuse intercepted Digest authentication credentials to initiate calls to arbitrary numbers or masquerade as different caller identities. The result is a significant risk of toll fraud and caller ID spoofing.
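The check described above, sketched as an added example (not Cisco's code and not part of the original entry): a server-side validator that recomputes the Digest response and then compares the `uri` parameter with the Request-URI. It assumes RFC 2617 Digest without `qop` and an exact string comparison; the user, realm, nonce, password and numbers are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, nonce, method, uri) -> str:
    """RFC 2617 Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_request(raw: str):
    """Return (method, request_uri, digest_params) for one SIP request."""
    lines = raw.strip().splitlines()
    method, request_uri, _version = lines[0].split()
    params = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        value = value.strip()
        if name.strip().lower() == "authorization" and value.lower().startswith("digest"):
            params = dict(re.findall(r'(\w+)="?([^",]+)"?', value[6:]))
    return method, request_uri, params

def check_request(raw: str, password: str) -> str:
    method, request_uri, p = parse_request(raw)
    if not p:
        return "no-credentials"
    expected = digest_response(p["username"], p["realm"], password,
                               p["nonce"], method, p["uri"])
    if not hmac.compare_digest(expected, p["response"]):
        return "bad-response"
    # The step the summary says was missing: the hash only covers the uri
    # parameter, so it must also be compared with the Request-URI.
    if p["uri"] != request_uri:
        return "uri-mismatch"
    return "ok"

# Constructed sample data (hypothetical user, realm, nonce and numbers).
USER, REALM, PASSWORD, NONCE = "alice", "pbx.example.test", "s3cret", "a1b2c3d4"
SIGNED_URI = "sip:1001@pbx.example.test"
AUTH = (f'Authorization: Digest username="{USER}", realm="{REALM}", '
        f'nonce="{NONCE}", uri="{SIGNED_URI}", response="'
        f'{digest_response(USER, REALM, PASSWORD, NONCE, "INVITE", SIGNED_URI)}"')
GENUINE = f"INVITE {SIGNED_URI} SIP/2.0\r\n{AUTH}\r\n"
FORWARDED = f"INVITE sip:1002@pbx.example.test SIP/2.0\r\n{AUTH}\r\n"

print(check_request(GENUINE, PASSWORD), check_request(FORWARDED, PASSWORD))
```

The second request carries a response hash that is valid for the URI it was signed over, so only the final comparison rejects it.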

Timeline

  • Vulnerability published

  • Vulnerability Reserved