CVE-2007-3439 in Snom 320 Linuxinfo

Summary

by MITRE

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 10/27/2017

The vulnerability identified as CVE-2007-3439 affects the snom 320 SIP phone, a VoIP device commonly used in enterprise communication environments. This device operates on a linux-based embedded system with specific firmware versions including snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36. The flaw resides in the device's web server implementation which fails to properly authenticate or authorize access to sensitive call log information. This represents a critical security weakness that directly violates principles of information security and access control, as the device exposes call history data through an unsecured web interface.

The technical implementation of this vulnerability stems from insufficient input validation and authentication mechanisms within the web server component of the snom 320 phone. Attackers can exploit this weakness by making direct HTTP requests to the web server running on port 1800 without requiring any credentials or authentication tokens. The device's web interface appears to lack proper access controls that would normally require user authentication before exposing sensitive call log data including missed calls, received calls, and dialed numbers. This configuration creates an information disclosure vulnerability that falls under CWE-200, which specifically addresses information exposure through improper access control mechanisms.

The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with comprehensive call history data that can be used for social engineering, targeted attacks, or corporate espionage. The exposure of call logs including dialed numbers reveals communication patterns and potentially sensitive business information about the organization's operations and relationships. This vulnerability can be exploited remotely, meaning attackers do not need physical access to the device or network connectivity within the local network to exploit the flaw. The attack surface is particularly concerning given that VoIP phones often operate in environments with sensitive corporate communications and may be accessible from untrusted network segments.

Organizations using snom 320 phones should implement immediate mitigations including network segmentation to isolate VoIP devices from general network access, disabling unnecessary web services on the device, and applying firmware updates when available. The vulnerability demonstrates the importance of secure configuration practices and proper network architecture design, aligning with ATT&CK framework techniques that emphasize credential access and reconnaissance activities. Security professionals should also consider implementing network monitoring to detect unauthorized access attempts to VoIP device interfaces and establish proper access control policies for all networked devices. The incident highlights the critical need for regular security assessments of embedded systems and VoIP infrastructure to identify similar authentication bypass vulnerabilities that could compromise sensitive communication data.

Reservation

06/26/2007

Disclosure

06/26/2007

Moderation

accepted

Entry

VDB-37511

CPE

ready

EPSS

0.01898

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!