CVE-2007-3319

CVSS 7.5 - HIGH
Description

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

Affected Products
1
Vendor Product Version
avaya 4602sw_ip_phone r2.2
References
http://osvdb.org/38115
http://secunia.com/advisories/25747
http://support.avaya.com/elmodocs2/security/ASA-20...
http://www.securityfocus.com/bid/24539
http://www.sipera.com/index.php?action=resources%2...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://osvdb.org/38115
http://secunia.com/advisories/25747
http://support.avaya.com/elmodocs2/security/ASA-20...
http://www.securityfocus.com/bid/24539
http://www.sipera.com/index.php?action=resources%2...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
NVD-CWE-Other
CVE Information
CVE ID:
CVE-2007-3319
Published:
2007-06-21
Modified:
2026-04-23
CVSS Score:
7.5
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Vendors
avaya
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL