Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Avaya 4602SW SIP电话Cnonce参数认证欺骗漏洞
Vulnerability Description
Avaya 4602SW是一款交换机用的IP电话机。 Avaya 4602SW在处理认证过程存在漏洞,远程攻击者可能利用此漏洞以中间人方式窃听通话。 Avaya 4602SW电话可使用MD5 digest认证方式认证到服务器,但没有使用SIP请求Authorization头中的cnonce参数,这允许扮演成为服务器的中间人劫持电话与服务器之间的通讯,然后监听保密对话。
CVSS Information
N/A
Vulnerability Type
N/A