CVE-2007-6190

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Ip Phone
Vendor: CVE Published:; 30 November 2007

Summary

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

References

http://www.securityfocus.com/bid/26668

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

http://securitytracker.com/id?1019006

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 30, 2007
Vulnerability Reserved
Nov 29, 2007