Unrated severityNVD Advisory· Published Oct 16, 2007· Updated Apr 23, 2026

CVE-2007-5468

Description

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

Affected products

Cisco Systems, Inc./Call Manager
cpe:2.3:h:cisco:call_manager:5.1.1.3000:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.htmlnvd
lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.htmlnvd
lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.htmlnvd
secunia.com/advisories/27231nvd
www.securityfocus.com/bid/26057nvd
www.vupen.com/english/advisories/2007/3534nvd
exchange.xforce.ibmcloud.com/vulnerabilities/37197nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000