CVE-2007-3319
First published: Thu Jun 21 2007(Updated: )
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya 4602SW IP Phone | =r2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.sipera.com/index.php?action=resources,threat_advisory&tid=299&
- http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm
- http://www.securityfocus.com/bid/24539
- http://secunia.com/advisories/25747
- http://osvdb.org/38115
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34972
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/avaya
- canonical/avaya 4602sw ip phone
- version/avaya 4602sw ip phone/r2.2