Cisco Unified IP Phone Exposure of Sensitive Information to an Unauthorized Actor (CVE-2007-6190)

Severity: Low, Tenable OT Security Plugin ID: 502732

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.securityfocus.com/bid/26668

http://www.vupen.com/english/advisories/2007/4036

http://osvdb.org/40874

http://secunia.com/advisories/27829

http://securitytracker.com/id?1019006

http://www.nessus.org/u?c3b32916

http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf

Plugin Details

Severity: Low

ID: 502732

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2007-6190

Vulnerability Information

CPE: cpe:/h:cisco:unified_ip_phone

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 11/30/2007

Vulnerability Publication Date: 11/30/2007

Reference Information

CVE: CVE-2007-6190

CWE: 200