Vulnerability Details : CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").
Exploit prediction scoring system (EPSS) score for CVE-2007-5468
Probability of exploitation activity in the next 30 days: 0.75%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-5468
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2007-5468
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5468
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html
[Full-Disclosure] Mailing List Charter
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/37197
Cisco CallManager and OpenSER SIP call hijacking CVE-2007-5468 Vulnerability Report
- http://www.securityfocus.com/bid/26057
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html
[Full-Disclosure] Mailing List Charter
-
http://www.vupen.com/english/advisories/2007/3534
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html
[Full-Disclosure] Mailing List Charter
Products affected by CVE-2007-5468
- cpe:2.3:h:cisco:call_manager:5.1.1.3000:*:*:*:*:*:*:*