Unrated severityNVD Advisory· Published Jun 21, 2007· Updated Apr 23, 2026

CVE-2007-3319

Description

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

Affected products

Avaya/4602sw Ip Phone
cpe:2.3:h:avaya:4602sw_ip_phone:r2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25747nvdVendor Advisory
support.avaya.com/elmodocs2/security/ASA-2007-263.htmnvdVendor Advisory
osvdb.org/38115nvd
www.securityfocus.com/bid/24539nvd
www.sipera.com/index.phpnvd
exchange.xforce.ibmcloud.com/vulnerabilities/34972nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000