Vulnerabilities > CVE-2007-3319 - Unspecified vulnerability in Avaya 4602Sw IP Phone R2.2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

avaya

NVD

Published: 2007-06-21

Updated: 2023-11-07

Summary

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

Vulnerable Configurations

Part	Description	Count
Hardware	Avaya Avaya 4602Sw IP Phone R2.2	1

References

http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm
http://www.securityfocus.com/bid/24539
http://secunia.com/advisories/25747
http://osvdb.org/38115
https://exchange.xforce.ibmcloud.com/vulnerabilities/34972
http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&