CVE-2007-3319

Published: Jun 21, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

Affected (1)

Products: Avaya: 4602sw Ip Phone

1 product

4602sw Ip Phone

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya 4602sw Ip Phone	Version r2.2

References (12)

http://osvdb.org/38115

Source: cve@mitre.org

http://secunia.com/advisories/25747

Source: cve@mitre.org

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/24539

Source: cve@mitre.org

http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34972

Source: cve@mitre.org

http://osvdb.org/38115

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25747

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2007-263.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/24539

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=299&

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34972

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.