CVE-2007-5468

EPSS 0.56%
Published 16.10.2007 00:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Call Manager Version5.1.1.3000

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.656

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

http://secunia.com/advisories/27231

http://www.securityfocus.com/bid/26057

http://www.vupen.com/english/advisories/2007/3534

https://exchange.xforce.ibmcloud.com/vulnerabilities/37197

https://nvd.nist.gov/vuln/detail/CVE-2007-5468

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5468

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5468

EUVD