CVE-2007-6190

Cisco Unified IP Phone - Authenticated Audio Eavesdropping via Extension Mobility RTP Stream

Title source: llm
STIX 2.1

Description

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26668
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019006
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27829
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40874
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4036

Scores

EPSS 0.0104
EPSS Percentile 59.8%

Details

CWE
CWE-200
Status published
Products (1)
cisco/unified_ip_phone
Published Nov 30, 2007
Tracked Since Feb 18, 2026