CVE-2007-5640 (GCVE-0-2007-5640)

Vulnerability from cvelistv5 – Published: 2007-10-23 17:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://support.nortel.com/go/main.jsp?cscat=BLTND… x_refsource_CONFIRM
http://secunia.com/advisories/27234 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://osvdb.org/41772 vdb-entryx_refsource_OSVDB
http://securityreason.com/securityalert/3274 third-party-advisoryx_refsource_SREASON
http://www.csnc.ch/static/advisory/csnc/nortel_IP… x_refsource_MISC
http://www.securityfocus.com/archive/1/482481/100… mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/26124 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641"
          },
          {
            "name": "27234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27234"
          },
          {
            "name": "nortel-ipphone-register-dos(37254)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254"
          },
          {
            "name": "41772",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41772"
          },
          {
            "name": "3274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3274"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt"
          },
          {
            "name": "20071018 Nortel IP Phone forced re-authentication",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded"
          },
          {
            "name": "26124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26124"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone.  NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641"
        },
        {
          "name": "27234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27234"
        },
        {
          "name": "nortel-ipphone-register-dos(37254)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254"
        },
        {
          "name": "41772",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41772"
        },
        {
          "name": "3274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3274"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt"
        },
        {
          "name": "20071018 Nortel IP Phone forced re-authentication",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded"
        },
        {
          "name": "26124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26124"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone.  NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641"
            },
            {
              "name": "27234",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27234"
            },
            {
              "name": "nortel-ipphone-register-dos(37254)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254"
            },
            {
              "name": "41772",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41772"
            },
            {
              "name": "3274",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3274"
            },
            {
              "name": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt",
              "refsource": "MISC",
              "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt"
            },
            {
              "name": "20071018 Nortel IP Phone forced re-authentication",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded"
            },
            {
              "name": "26124",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26124"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5640",
    "datePublished": "2007-10-23T17:00:00",
    "dateReserved": "2007-10-23T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EBEF64C-2B98-4961-8E2A-C59EA894FE0F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EDBAFA1-329A-4321-990F-9B0972D286E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9559937B-8F87-49AB-B572-2DB3477CB1BB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA45C92F-3CDF-41A3-BD3F-E9725338E61F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D7FC9EB-4BF5-45C2-A260-ADF4CC218700\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3725D9C-E702-45F8-A647-BAA86EA060C6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC7EA846-6B58-4F88-91B2-770388BE5E2C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9593EEF-CAC3-455B-972D-5DD2FE4802C2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1482953-C22F-4FA7-B262-52B136F578CB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64B644B1-F5B9-4420-9908-CB4770B3F600\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"645B8DCD-27BB-46B2-A41E-4EBC0674AD4C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D52E4B37-7699-41D0-A9B7-965A01808607\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76E5B7F9-8163-441D-8900-1FD60AC3579C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7F1EFF9-42CB-4F10-940F-E397ED56D423\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A490C36-F529-4448-A8DE-BE2C74041E19\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7A9DC40-0269-403C-8D86-4EE094C5493E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54772D2C-5460-4C63-A22A-DBBC497BFBA6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52D18F26-40F0-4041-95B0-6A2153DD1261\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF498EA6-EF04-43A1-9627-E4B77928AAA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BB4BDA-893E-4912-9323-3F225435AE7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6C8AB15-D6F2-4F06-81BB-9D54F692CA24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F49ECAF3-0922-4C6B-A991-93504457668A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E34503FD-5462-4D07-B626-A0061EDB6DC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2401C82A-BC79-435D-B921-FEE8DD3129C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D29C329-4026-459C-A8F0-67BEF104FCFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A91B8617-7E5F-4373-8A8F-B27F4F3B1699\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B037DA-B11F-41DA-A63A-7FFB88794BD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE819C43-881A-4209-BC25-B0CDF08313F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C791034-CF75-4779-AB1B-DF7A67361A85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D5C794-DF6D-492F-B34B-CDBB364C7168\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9CBF345-9D72-459A-ADA2-33DE3A25D156\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B726AC5D-3270-40D8-9783-F068A682A82D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6B42739-60EB-4A93-85B6-1A95DF36BD51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48E2627D-3244-4A66-9EF6-B790EEFD0D4A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone.  NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.\"}, {\"lang\": \"es\", \"value\": \"El Nortel UNIStim IP Softphone 2050, IP Phone 1140E,y productos adicionales Nortel desde el IP Phone, Business Communications Manager (BCM), Mobile Voice Client, y otras l\\u00edneas de producto, permite a atacantes remotos bloquear llamadas y forzar la re-registro a trav\\u00e9s de un mensaje de reanudaci\\u00f3n en Server que tiene un direcci\\u00f3n IP fuente falsa para el tel\\u00e9fono. NOTA: el atacantes es m\\u00e1s destructivo si un nuevo mensaje de reanudaci\\u00f3n falso es env\\u00edado despu\\u00e9s de cada re-registro.\"}]",
      "id": "CVE-2007-5640",
      "lastModified": "2024-11-21T00:38:22.310",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-10-23T17:46:00.000",
      "references": "[{\"url\": \"http://osvdb.org/41772\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27234\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3274\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/482481/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26124\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37254\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/41772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27234\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/482481/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5640\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-23T17:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone.  NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.\"},{\"lang\":\"es\",\"value\":\"El Nortel UNIStim IP Softphone 2050, IP Phone 1140E,y productos adicionales Nortel desde el IP Phone, Business Communications Manager (BCM), Mobile Voice Client, y otras l\u00edneas de producto, permite a atacantes remotos bloquear llamadas y forzar la re-registro a trav\u00e9s de un mensaje de reanudaci\u00f3n en Server que tiene un direcci\u00f3n IP fuente falsa para el tel\u00e9fono. NOTA: el atacantes es m\u00e1s destructivo si un nuevo mensaje de reanudaci\u00f3n falso es env\u00edado despu\u00e9s de cada re-registro.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBEF64C-2B98-4961-8E2A-C59EA894FE0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDBAFA1-329A-4321-990F-9B0972D286E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9559937B-8F87-49AB-B572-2DB3477CB1BB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA45C92F-3CDF-41A3-BD3F-E9725338E61F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D7FC9EB-4BF5-45C2-A260-ADF4CC218700\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3725D9C-E702-45F8-A647-BAA86EA060C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7EA846-6B58-4F88-91B2-770388BE5E2C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9593EEF-CAC3-455B-972D-5DD2FE4802C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1482953-C22F-4FA7-B262-52B136F578CB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64B644B1-F5B9-4420-9908-CB4770B3F600\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645B8DCD-27BB-46B2-A41E-4EBC0674AD4C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52E4B37-7699-41D0-A9B7-965A01808607\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76E5B7F9-8163-441D-8900-1FD60AC3579C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7F1EFF9-42CB-4F10-940F-E397ED56D423\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A490C36-F529-4448-A8DE-BE2C74041E19\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A9DC40-0269-403C-8D86-4EE094C5493E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54772D2C-5460-4C63-A22A-DBBC497BFBA6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D18F26-40F0-4041-95B0-6A2153DD1261\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF498EA6-EF04-43A1-9627-E4B77928AAA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BB4BDA-893E-4912-9323-3F225435AE7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6C8AB15-D6F2-4F06-81BB-9D54F692CA24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F49ECAF3-0922-4C6B-A991-93504457668A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E34503FD-5462-4D07-B626-A0061EDB6DC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2401C82A-BC79-435D-B921-FEE8DD3129C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D29C329-4026-459C-A8F0-67BEF104FCFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A91B8617-7E5F-4373-8A8F-B27F4F3B1699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B037DA-B11F-41DA-A63A-7FFB88794BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE819C43-881A-4209-BC25-B0CDF08313F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C791034-CF75-4779-AB1B-DF7A67361A85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D5C794-DF6D-492F-B34B-CDBB364C7168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9CBF345-9D72-459A-ADA2-33DE3A25D156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B726AC5D-3270-40D8-9783-F068A682A82D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6B42739-60EB-4A93-85B6-1A95DF36BD51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E2627D-3244-4A66-9EF6-B790EEFD0D4A\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/41772\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27234\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3274\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/482481/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26124\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37254\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/41772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/482481/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.