Lucene search

MitreCVE-2007-5591

HistoryOct 19, 2007 - 11:17 p.m.

CVE-2007-5591

2007-10-1923:17:00

mitre

web.nvd.nist.gov

nortel

voip

servers

vulnerability

denial of service

nvd

cs1000

signaling server

elan ports

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.6

Confidence

High

EPSS

0.04

Percentile

92.2%

JSON

The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.

Affected configurations

Nvd

Node

nortelcommunications_serverMatch1000e

nortelcommunications_serverMatch1000m

nortelcommunications_serverMatch1000s

AND

nortelmeridian_option_11c

nortelmeridian_option_51c

nortelmeridian_option_61c

nortelmeridian_option_81c

nortelvoip-core-csMatch1000eenterprise

nortelvoip-core-csMatch1000menterprise

nortelvoip-core-csMatch1000senterprise

VendorProductVersionCPE
nortelcommunications_server1000ecpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*
nortelcommunications_server1000mcpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*
nortelcommunications_server1000scpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*
nortelmeridian_option_11c*cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*
nortelmeridian_option_51c*cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*
nortelmeridian_option_61c*cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*
nortelmeridian_option_81c*cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*
nortelvoip-core-cs1000ecpe:2.3:a:nortel:voip-core-cs:1000e:*:enterprise:*:*:*:*:*
nortelvoip-core-cs1000mcpe:2.3:a:nortel:voip-core-cs:1000m:*:enterprise:*:*:*:*:*
nortelvoip-core-cs1000scpe:2.3:a:nortel:voip-core-cs:1000s:*:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
nortel	communications_server	1000e	cpe:2.3:a:nortel:communications_server:1000e:::::::*
nortel	communications_server	1000m	cpe:2.3:a:nortel:communications_server:1000m:::::::*
nortel	communications_server	1000s	cpe:2.3:a:nortel:communications_server:1000s:::::::*
nortel	meridian_option_11c	*	cpe:2.3:a:nortel:meridian_option_11c::::::::
nortel	meridian_option_51c	*	cpe:2.3:a:nortel:meridian_option_51c::::::::
nortel	meridian_option_61c	*	cpe:2.3:a:nortel:meridian_option_61c::::::::
nortel	meridian_option_81c	*	cpe:2.3:a:nortel:meridian_option_81c::::::::
nortel	voip-core-cs	1000e	cpe:2.3:a:nortel:voip-core-cs:1000e::enterprise:::::
nortel	voip-core-cs	1000m	cpe:2.3:a:nortel:voip-core-cs:1000m::enterprise:::::
nortel	voip-core-cs	1000s	cpe:2.3:a:nortel:voip-core-cs:1000s::enterprise:::::

References

osvdb.org/41799

secunia.com/advisories/27282

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204

www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt

www.securityfocus.com/archive/1/482484/100/0/threaded

www.securityfocus.com/bid/26113

www.vupen.com/english/advisories/2007/3536

www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/37252

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.6

Confidence

High

EPSS

0.04

Percentile

92.2%

JSON

Related for CVE-2007-5591