Vulnerability Description
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | 4602Sw Ip Phone | r2.2 |
References
- http://osvdb.org/38115
- http://secunia.com/advisories/25747Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2007-263.htmVendor Advisory
- http://www.securityfocus.com/bid/24539
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34972
- http://osvdb.org/38115
- http://secunia.com/advisories/25747Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2007-263.htmVendor Advisory
- http://www.securityfocus.com/bid/24539
- http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34972
FAQ
What is CVE-2007-3319?
CVE-2007-3319 is a vulnerability with a CVSS score of 7.5 (HIGH). The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which all...
How severe is CVE-2007-3319?
CVE-2007-3319 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3319?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya 4602Sw Ip Phone.