Skip to main content

CVE-2007-5361

Severity High
Score 8.5/10

Summary

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • COMPLETE

References

Advisory Timeline

  • Published