CVE-2007-6190
Cisco Unified IP Phone - Authenticated Audio Eavesdropping via Extension Mobility RTP Stream
Title source: llmDescription
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26668
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019006
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27829
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40874
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4036
Various Sources x_refsource_misc
http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
Scores
EPSS
0.0104
EPSS Percentile
59.8%
Details
CWE
CWE-200
Status
published
Products (1)
cisco/unified_ip_phone
Published
Nov 30, 2007
Tracked Since
Feb 18, 2026