CVE-2007-5468

CWE-264 | 4 documents | 4 sources
Severity: 5.0 MEDIUM
EPSS: 0.8% (top 26.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 16
Latest update: May 1

Description

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: cisco/call_manager 5.1.1.3000

🔴 Vulnerability Details (2)

GHSA: GHSA-wr7h-6372-vgmj: Cisco CallManager 5 (2022-05-01)
CVEList: CVE-2007-5468: Cisco CallManager 5 (2007-10-16)

📋 Vendor Advisories (1)

Red Hat: Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) (2007-02-01)