NVD

Id
57427  
Name
CVE-2007-5361  
Description
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone"s MAC address in the filename.  
Reject
 
CVSS Version
2  
CVSS Score
8.5  
Severity
High  
CVSS Base Score
8.5  
CVSS Impact Subscore
7.8  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:C)  
Pub Date
2017-01-07  
Published
2007-11-20  
Modified Date
2011-03-07  
Seq
2007-5361  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
293658 57427 CVE-2007-5361 3387  View
293659 57427 CVE-2007-5361 http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt  View
293660 57427 CVE-2007-5361 20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability  View
293661 57427 CVE-2007-5361 26494  View
293662 57427 CVE-2007-5361 1018983  View
293663 57427 CVE-2007-5361 ADV-2007-3919  View
293664 57427 CVE-2007-5361 http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf  View
293665 57427 CVE-2007-5361 omnipcx-tftp-dos(38560)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
54064 JVNDB-2007-002756 Alcatel-Lucent OmniPCX Enterprise の Communication Server におけるサービス運用妨害 (DoS) の脆弱性 Alcatel-Lucent OmniPCX Enterprise の Communication Server は、IP Touch phone からの TFTP リクエストの間に、IP アドレスをキャッシュした後に電話機へ送信される全ての VoIP パケットの行き先としてこの IP アドレスを使用するため、サービス運用妨害 (オーディオの損失) 状態となる脆弱性が存在します。 CVE-2007-5361 28716 CVE-2007-5361 57427 8.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002756.html 2007-11-20 2012-06-26 View