QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5361

Published: Nov 20, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

http://www.csnc.ch/static/advisory/csnc/alcatel_omnipcx_enterprise_audio_rerouting_vulnerability_v1.0.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

omnipcx-tftp-dos(38560)

vdb-entry

x_refsource_XF

http://www1.alcatel-lucent.com/psirt/statements/2007004/IPTouchDOS.pdf

x_refsource_CONFIRM

20071119 Alcatel OmniPCX Enterprise VoIP Vulnerability

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.