CVE-2007-6190

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Published: Nov 30, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6190
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
cisco / unified_ip_phone	-	-

http://osvdb.org/40874
http://secunia.com/advisories/27829
http://securitytracker.com/id?1019006
http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
http://www.securityfocus.com/bid/26668
http://www.vupen.com/english/advisories/2007/4036

Vulnerability Database

CVE-2007-6190