Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3319 | 1 Avaya | 1 4602sw Ip Phone | 2017-07-28 | 7.5 HIGH | N/A |
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications. | |||||
CVE-2007-3320 | 1 Avaya | 1 4602sw Ip Phone | 2017-07-28 | 5.0 MEDIUM | N/A |
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact. | |||||
CVE-2007-3321 | 1 Avaya | 1 4602sw Ip Phone | 2017-07-28 | 5.0 MEDIUM | N/A |
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp). | |||||
CVE-2007-3322 | 1 Avaya | 1 4602sw Ip Phone | 2017-07-28 | 5.0 MEDIUM | N/A |
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port. |