CVE-2007-5468

CVE Database · CVE-2007-5468

CVE-2007-5468

· N/AModified

CVSS v3.1

N/A

EPSS

1.59%

Published

Oct 15, 2007

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

Weaknesses (CWE)

CWE-264

Affected Products (1)

cisco · call_managervulnerable

References (14)

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

http://secunia.com/advisories/27231

http://www.securityfocus.com/bid/26057

http://www.vupen.com/english/advisories/2007/3534

https://exchange.xforce.ibmcloud.com/vulnerabilities/37197

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html

http://secunia.com/advisories/27231

KEV Catalog EPSS Scores Vendors All CVEs