CVE-2007-6190

Name of the Vulnerable Software and Affected Versions Cisco Unified IP Phone (affected versions not specified)

Description The issue allows remote authenticated users to eavesdrop on the physical environment of the phone. This is achieved through a CiscoIPPhoneExecute message that contains a URL attribute of an ExecuteItem element, which specifies a Real-Time Transport Protocol (RTP) audio stream. The Extension Mobility feature must be enabled for this issue to occur.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.