Avaya: >> 4602sw Ip Phone >> r2.2 Security Vulnerabilities
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
CVSS Score
7.5
EPSS Score
0.011
Published
2007-06-21
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.
CVSS Score
5.0
EPSS Score
0.006
Published
2007-06-21
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).
CVSS Score
5.0
EPSS Score
0.007
Published
2007-06-21
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.
CVSS Score
5.0
EPSS Score
0.007
Published
2007-06-21