CVE-2007-5361
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.
EL Communication Server en Alcatel-Lucent OmniPCX Enterprise 7.1 y anteriores cachea una dirección IP durante una respuesta TFTP desde una IP Touch phone, y utiliza esta dirección IP como el destino para todos los paquetes de subsecuencia VoIP en este teléfono, lo cual podría permitir a atacantes remotos provocar denegación de servicio (pérdida de audio) o interceptar comunicaciones de voz a través de una respuesta TFTP que contiene la dirección MAC del teléfono en el nombre de archivo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-10 CVE Reserved
- 2007-11-20 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/40522 | Vdb Entry | |
| http://secunia.com/advisories/27710 | Third Party Advisory | |
| http://securityreason.com/securityalert/3387 | Third Party Advisory | |
| http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/483925/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26494 | Vdb Entry | |
| http://www.securitytracker.com/id?1018983 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/3919 | Vdb Entry | |
| http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38560 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Alcatel-lucent Search vendor "Alcatel-lucent" | Omnipcx Search vendor "Alcatel-lucent" for product "Omnipcx" | <= 7.1 Search vendor "Alcatel-lucent" for product "Omnipcx" and version " <= 7.1" | enterprise |
Affected
| ||||||