CVE-2007-5468

Currently unrated

Key Information:

Vendor: Cisco
Status: Call Manager
Vendor: CVE Published:; 16 October 2007

Summary

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-O...

mailing-listx_refsource_FULLDISC

http://www.vupen.com/english/advisories/2007/3534

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/27231

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 16, 2007
Vulnerability Reserved
Oct 15, 2007