Remote Eavesdropping Vulnerability in Cisco Unified IP Phones with Extension Mobility Enabled
CVE-2007-6190

Currently unrated

Key Information:

Vendor
Cisco
Status
Unified Ip Phone
Vendor
CVE Published:
30 November 2007

Summary

A security issue in the HTTP daemon of Cisco Unified IP Phones, when paired with the Extension Mobility feature, allows remote authenticated users from other devices connected to the same Cisco Unified Communications Manager (CUCM) server to eavesdrop on surrounding audio. This is executed through a specific CiscoIPPhoneExecute message that contains a URL attribute directing to a Real-Time Transport Protocol (RTP) audio stream, potentially exposing sensitive conversations or private information to unauthorized individuals.

References

http://www.securityfocus.com/bid/26668
vdb-entryx_refsource_BID
http://www.cisco.com/en/US/products/products_security_res...
vendor-advisoryx_refsource_CISCO
http://securitytracker.com/id?1019006
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.