NVD

Id
55471  
Name
CVE-2007-3319  
Description
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-06-21  
Modified Date
2008-11-15  
Seq
2007-3319  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
281898 55471 CVE-2007-3319 http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm  View
281899 55471 CVE-2007-3319 24539  View
281900 55471 CVE-2007-3319 http://www.sipera.com/index.php?action=resources,threat_advisory&tid=299&  View
281901 55471 CVE-2007-3319 avaya-cnonce-call-hijacking(34972)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
53523 JVNDB-2007-002215 Avaya 4602SW IP Phone における中間者攻撃を実行される脆弱性 Avaya 4602SW IP Phone (Model 4602D02A) with SIP firmware は、MD5 ダイジェスト認証中に SIP リクエストの Authorization ヘッダ内の cnonce パラメータを使用しないため、中間者攻撃およびハイジャック、または通信の傍受を実行される脆弱性が存在します。 CVE-2007-3319 26674 CVE-2007-3319 55471 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002215.html 2007-06-19 2012-06-26 View