PT-2007-4596 · Avaya · Avaya 4602Sw Ip Phone

Published: 2007-06-21 · Updated: 2017-07-29 · CVE-2007-3319

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Avaya 4602SW IP Phone (Model 4602D02A) versions 2.2.2 and earlier

Description

The Avaya 4602SW IP Phone does not properly use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication. This allows remote attackers to conduct man-in-the-middle attacks, potentially leading to the hijacking or interception of communications.

Recommendations

For Avaya 4602SW IP Phone (Model 4602D02A) versions 2.2.2 and earlier, consider updating the SIP firmware to a version that properly implements the cnonce parameter in the Authorization header to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to SIP requests to minimize the risk of exploitation.
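
For reviewing captured SIP traffic from affected phones, the following added example (not part of the original advisory and not Avaya code) parses Digest Authorization header values and flags credentials that break RFC 2617's rules for qop, cnonce and nc. The advisory does not state how the cnonce is misused, so the checks, the finding codes and the sample headers are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')
NC_FORMAT = re.compile(r"[0-9a-fA-F]{8}")

def parse_digest(header_value):
    """Return the Digest parameters of an Authorization header value as a dict."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM.finditer(rest)}

def audit(header_values):
    """Return (index, code) findings for qop/cnonce/nc usage in each header."""
    findings, nonces_seen = [], defaultdict(set)
    for i, value in enumerate(header_values):
        p = parse_digest(value)
        if p is None:
            continue
        if not p.get("qop"):
            # RFC 2069 style: the response hash contains no client nonce at all.
            findings.append((i, "NO_QOP"))
            continue
        cnonce = p.get("cnonce")
        if not cnonce:
            findings.append((i, "CNONCE_MISSING"))  # required whenever qop is sent
        else:
            nonces_seen[cnonce].add(p.get("nonce"))
            if len(nonces_seen[cnonce]) > 1:
                # Heuristic: a cnonce that survives a new server nonce is static.
                findings.append((i, "CNONCE_REUSED"))
        if not NC_FORMAT.fullmatch(p.get("nc", "")):
            findings.append((i, "NC_INVALID"))      # nc must be 8 hex digits
    return findings

# Constructed sample header values (not captured from a real device).
BASE = 'Digest username="4602", realm="pbx.example.invalid", uri="sip:pbx.example.invalid", '
RESP = 'response="00000000000000000000000000000000"'
SAMPLE = [
    BASE + 'nonce="n-1", qop=auth, nc=00000001, cnonce="a1b2c3d4", ' + RESP,
    BASE + 'nonce="n-1", ' + RESP,
    BASE + 'nonce="n-1", qop=auth, nc=00000001, cnonce="", ' + RESP,
    BASE + 'nonce="n-2", qop=auth, nc=00000001, cnonce="a1b2c3d4", ' + RESP,
]

if __name__ == "__main__":
    for index, code in audit(SAMPLE):
        print(index, code)
```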

Fix


Related identifiers

CVE-2007-3319

Affected products

Avaya 4602Sw Ip Phone