CVE-2007-5361 - Vulnerability Details - OpenCVE

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alcatel-lucent	Omnipcx

Configuration 1 [-]

cpe:2.3:a:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/40522
http://secunia.com/advisories/27710
http://securityreason.com/securityalert/3387
http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt
http://www.securityfocus.com/archive/1/483925/100/0/threaded
http://www.securityfocus.com/bid/26494
http://www.securitytracker.com/id?1018983
http://www.vupen.com/english/advisories/2007/3919
http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38560

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-20T19:00:00

Updated: 2024-08-07T15:31:57.166Z

Reserved: 2007-10-10T00:00:00

Link: CVE-2007-5361

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-11-20T19:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5361

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3387", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3387"}, {"name": "27710", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27710"}, {"tags": ["x_refsource_MISC"], "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"name": "26494", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26494"}, {"name": "omnipcx-tftp-dos(38560)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"name": "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"name": "ADV-2007-3919", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"name": "40522", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40522"}, {"name": "1018983", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018983"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5361", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3387", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3387"}, {"name": "27710", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27710"}, {"name": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt", "refsource": "MISC", "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"name": "26494", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26494"}, {"name": "omnipcx-tftp-dos(38560)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}, {"name": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf", "refsource": "CONFIRM", "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"name": "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"name": "ADV-2007-3919", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"name": "40522", "refsource": "OSVDB", "url": "http://osvdb.org/40522"}, {"name": "1018983", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018983"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:57.166Z"}, "title": "CVE Program Container", "references": [{"name": "3387", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3387"}, {"name": "27710", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27710"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"name": "26494", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26494"}, {"name": "omnipcx-tftp-dos(38560)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"name": "20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"name": "ADV-2007-3919", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"name": "40522", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40522"}, {"name": "1018983", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018983"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5361", "datePublished": "2007-11-20T19:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2024-08-07T15:31:57.166Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alcatel-lucent:omnipcx:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "7C73DC38-1951-4041-B574-3B22547F6BC9", "versionEndIncluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename."}, {"lang": "es", "value": "EL Communication Server en Alcatel-Lucent OmniPCX Enterprise 7.1 y anteriores cachea una direcci\u00f3n IP durante una respuesta TFTP desde una IP Touch phone, y utiliza esta direcci\u00f3n IP como el destino para todos los paquetes de subsecuencia VoIP en este tel\u00e9fono, lo cual podr\u00eda permitir a atacantes remotos provocar denegaci\u00f3n de servicio (p\u00e9rdida de audio) o interceptar comunicaciones de voz a trav\u00e9s de una respuesta TFTP que contiene la direcci\u00f3n MAC del tel\u00e9fono en el nombre de archivo."}], "id": "CVE-2007-5361", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-20T19:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/40522"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27710"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3387"}, {"source": "cve@mitre.org", "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26494"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018983"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"source": "cve@mitre.org", "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27710"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483925/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38560"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}