CVE-2007-5361

Name of the Vulnerable Software and Affected Versions: Alcatel-Lucent OmniPCX Enterprise versions 7.1 and earlier

Description: The issue allows remote attackers to cause a denial of service, such as loss of audio, or intercept voice communications. This is achieved through a crafted TFTP request containing the phone's MAC address in the filename, which exploits the caching mechanism of the Communication Server during a TFTP request from an IP Touch phone.

Recommendations: For Alcatel-Lucent OmniPCX Enterprise versions 7.1 and earlier, consider restricting access to the TFTP service to minimize the risk of exploitation. As a temporary workaround, limit the ability to send crafted TFTP requests to the Communication Server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.