Unrated severityNVD Advisory· Published Nov 30, 2007· Updated Apr 23, 2026

CVE-2007-6190

Description

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Affected products

Cisco Systems, Inc./Unified Ip Phone
cpe:2.3:h:cisco:unified_ip_phone:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27829nvdVendor Advisory
osvdb.org/40874nvd
securitytracker.com/idnvd
www.cisco.com/en/US/products/products_security_response09186a0080903a6d.htmlnvd
www.hack.lu/pres/hacklu07_Remote_wiretapping.pdfnvd
www.securityfocus.com/bid/26668nvd
www.vupen.com/english/advisories/2007/4036nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000