FKIE_CVE-2007-5640

Vulnerability from fkie_nvd - Published: 2007-10-23 17:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.
References
cve@mitre.orghttp://osvdb.org/41772
cve@mitre.orghttp://secunia.com/advisories/27234Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/3274
cve@mitre.orghttp://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641Patch
cve@mitre.orghttp://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txtExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/482481/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26124
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37254
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41772
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27234Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3274
af854a3a-2127-422b-91ae-364da2661108http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641Patch
af854a3a-2127-422b-91ae-364da2661108http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482481/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26124
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37254
Impacted products
Vendor Product Version
nortel multimedia_communication_server_5100 *
nortel multimedia_communication_server_5200 *
nortel communications_server 1000e
nortel communications_server 1000m
nortel communications_server 1000s
nortel communications_server 2100
nortel ip_audio_conference_phone_2033 *
nortel ip_phone_1110 *
nortel ip_phone_1120e *
nortel ip_phone_1140e *
nortel ip_phone_1150e *
nortel ip_phone_2001 *
nortel ip_phone_2002 *
nortel ip_phone_2004 *
nortel ip_phone_2007 *
nortel wlan_handset_2210 *
nortel wlan_handset_2211 *
nortel wlan_handset_2212 *
nortel wlan_handset_6120 *
nortel wlan_handset_6140 *
nortel business_communications_manager 50
nortel business_communications_manager 50a
nortel business_communications_manager 50e
nortel business_communications_manager 200
nortel business_communications_manager 400
nortel business_communications_manager 1000
nortel business_communications_manager srg50
nortel business_communications_manager srg200
nortel centrex_ip_client_manager *
nortel centrex_ip_element_manager *
nortel meridian_option_11c *
nortel meridian_option_51c *
nortel meridian_option_61c *
nortel meridian_option_81c *
nortel meridian_sl100 cs2100
nortel mobile_voice_client_2050 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBEF64C-2B98-4961-8E2A-C59EA894FE0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDBAFA1-329A-4321-990F-9B0972D286E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*",
              "matchCriteriaId": "9559937B-8F87-49AB-B572-2DB3477CB1BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA45C92F-3CDF-41A3-BD3F-E9725338E61F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7FC9EB-4BF5-45C2-A260-ADF4CC218700",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3725D9C-E702-45F8-A647-BAA86EA060C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EA846-6B58-4F88-91B2-770388BE5E2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9593EEF-CAC3-455B-972D-5DD2FE4802C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1482953-C22F-4FA7-B262-52B136F578CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64B644B1-F5B9-4420-9908-CB4770B3F600",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "645B8DCD-27BB-46B2-A41E-4EBC0674AD4C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52E4B37-7699-41D0-A9B7-965A01808607",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E5B7F9-8163-441D-8900-1FD60AC3579C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F1EFF9-42CB-4F10-940F-E397ED56D423",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A490C36-F529-4448-A8DE-BE2C74041E19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A9DC40-0269-403C-8D86-4EE094C5493E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54772D2C-5460-4C63-A22A-DBBC497BFBA6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D18F26-40F0-4041-95B0-6A2153DD1261",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF498EA6-EF04-43A1-9627-E4B77928AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BB4BDA-893E-4912-9323-3F225435AE7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C8AB15-D6F2-4F06-81BB-9D54F692CA24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*",
              "matchCriteriaId": "F49ECAF3-0922-4C6B-A991-93504457668A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34503FD-5462-4D07-B626-A0061EDB6DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*",
              "matchCriteriaId": "2401C82A-BC79-435D-B921-FEE8DD3129C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D29C329-4026-459C-A8F0-67BEF104FCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*",
              "matchCriteriaId": "A91B8617-7E5F-4373-8A8F-B27F4F3B1699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B037DA-B11F-41DA-A63A-7FFB88794BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE819C43-881A-4209-BC25-B0CDF08313F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C791034-CF75-4779-AB1B-DF7A67361A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D5C794-DF6D-492F-B34B-CDBB364C7168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CBF345-9D72-459A-ADA2-33DE3A25D156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B726AC5D-3270-40D8-9783-F068A682A82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B42739-60EB-4A93-85B6-1A95DF36BD51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone.  NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration."
    },
    {
      "lang": "es",
      "value": "El Nortel UNIStim IP Softphone 2050, IP Phone 1140E,y productos adicionales Nortel desde el IP Phone, Business Communications Manager (BCM), Mobile Voice Client, y otras l\u00edneas de producto, permite a atacantes remotos bloquear llamadas y forzar la re-registro a trav\u00e9s de un mensaje de reanudaci\u00f3n en Server que tiene un direcci\u00f3n IP fuente falsa para el tel\u00e9fono. NOTA: el atacantes es m\u00e1s destructivo si un nuevo mensaje de reanudaci\u00f3n falso es env\u00edado despu\u00e9s de cada re-registro."
    }
  ],
  "id": "CVE-2007-5640",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-23T17:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3274"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26124"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=654641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.