CVE-2007-5361 - OpenCVE

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Alcatel-lucent	Omnipcx

Configuration 1 [-]

cpe:2.3:a:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*

References

Link	Resource
http://osvdb.org/40522
http://secunia.com/advisories/27710
http://securityreason.com/securityalert/3387
http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt
http://www.securityfocus.com/archive/1/483925/100/0/threaded
http://www.securityfocus.com/bid/26494
http://www.securitytracker.com/id?1018983
http://www.vupen.com/english/advisories/2007/3919
http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38560

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-20T19:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-10-10T00:00:00

Link: CVE-2007-5361

JSON object: View

NVD Information

Status : Modified

Published: 2007-11-20T19:46:00.000

Modified: 2018-10-15T21:44:01.607

Link: CVE-2007-5361

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3387", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3387"}, {"name": "27710", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27710"}, {"tags": ["x_refsource_MISC"], "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"name": "26494", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26494"}, {"name": "omnipcx-tftp-dos(38560)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"name": "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"name": "ADV-2007-3919", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"name": "40522", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40522"}, {"name": "1018983", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018983"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5361", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3387", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3387"}, {"name": "27710", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27710"}, {"name": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt", "refsource": "MISC", "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"name": "26494", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26494"}, {"name": "omnipcx-tftp-dos(38560)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}, {"name": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf", "refsource": "CONFIRM", "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"name": "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"name": "ADV-2007-3919", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"name": "40522", "refsource": "OSVDB", "url": "http://osvdb.org/40522"}, {"name": "1018983", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018983"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5361", "datePublished": "2007-11-20T19:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "7C73DC38-1951-4041-B574-3B22547F6BC9", "versionEndIncluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename."}, {"lang": "es", "value": "EL Communication Server en Alcatel-Lucent OmniPCX Enterprise 7.1 y anteriores cachea una direcci\u00f3n IP durante una respuesta TFTP desde una IP Touch phone, y utiliza esta direcci\u00f3n IP como el destino para todos los paquetes de subsecuencia VoIP en este tel\u00e9fono, lo cual podr\u00eda permitir a atacantes remotos provocar denegaci\u00f3n de servicio (p\u00e9rdida de audio) o interceptar comunicaciones de voz a trav\u00e9s de una respuesta TFTP que contiene la direcci\u00f3n MAC del tel\u00e9fono en el nombre de archivo."}], "id": "CVE-2007-5361", "lastModified": "2018-10-15T21:44:01.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-20T19:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/40522"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27710"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3387"}, {"source": "cve@mitre.org", "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26494"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018983"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"source": "cve@mitre.org", "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}