CVE-2007-6190

CVE Database · CVE-2007-6190

CVE-2007-6190

· N/AModified

CVSS v3.1

N/A

EPSS

1.04%

Published

Nov 29, 2007

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Weaknesses (CWE)

CWE-200

Affected Products (1)

cisco · unified_ip_phonevulnerable

References (14)

http://osvdb.org/40874

http://secunia.com/advisories/27829

Vendor Advisory

http://securitytracker.com/id?1019006

http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html

http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf

http://www.securityfocus.com/bid/26668