Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2007-6190

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Published: Nov 30, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-6190
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
cisco / unified_ip_phone	-	-

http://osvdb.org/40874
http://secunia.com/advisories/27829
http://securitytracker.com/id?1019006
http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
http://www.securityfocus.com/bid/26668
http://www.vupen.com/english/advisories/2007/4036

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo