Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-5638
HistoryOct 23, 2007 - 5:46 p.m.

CVE-2007-5638

2007-10-2317:46:00
CWE-310
CWE-200
[email protected]
web.nvd.nist.gov
18
nortel
unistim
ip
vulnerability
remote attackers
rudp
eavesdropping
cve-2007-5638
security
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.

Affected configurations

NVD
Node
nortelmultimedia_communication_server_5100
OR
nortelmultimedia_communication_server_5200
AND
nortelcommunications_serverMatch1000e
OR
nortelcommunications_serverMatch1000m
OR
nortelcommunications_serverMatch1000s
OR
nortelcommunications_serverMatch2100
OR
nortelip_audio_conference_phone_2033
OR
nortelip_phone_1110
OR
nortelip_phone_1120e
OR
nortelip_phone_1140e
OR
nortelip_phone_1150e
OR
nortelip_phone_2001
OR
nortelip_phone_2002
OR
nortelip_phone_2004
OR
nortelip_phone_2007
OR
nortelwlan_handset_2210
OR
nortelwlan_handset_2211
OR
nortelwlan_handset_2212
OR
nortelwlan_handset_6120
OR
nortelwlan_handset_6140
AND
nortelbusiness_communications_managerMatch50
OR
nortelbusiness_communications_managerMatch50a
OR
nortelbusiness_communications_managerMatch50e
OR
nortelbusiness_communications_managerMatch200
OR
nortelbusiness_communications_managerMatch400
OR
nortelbusiness_communications_managerMatch1000
OR
nortelbusiness_communications_managerMatchsrg50
OR
nortelbusiness_communications_managerMatchsrg200
OR
nortelcentrex_ip_client_manager
OR
nortelcentrex_ip_element_manager
OR
nortelmeridian_option_11c
OR
nortelmeridian_option_51c
OR
nortelmeridian_option_61c
OR
nortelmeridian_option_81c
OR
nortelmeridian_sl100Matchcs2100
OR
nortelmobile_voice_client_2050
CPENameOperatorVersion
nortel:business_communications_managernortel business communications managereq50
nortel:business_communications_managernortel business communications managereq50a
nortel:business_communications_managernortel business communications managereq50e
nortel:business_communications_managernortel business communications managereq200
nortel:business_communications_managernortel business communications managereq400
nortel:business_communications_managernortel business communications managereq1000
nortel:business_communications_managernortel business communications managereqsrg50
nortel:business_communications_managernortel business communications managereqsrg200
nortel:centrex_ip_client_managernortel centrex ip client managereq*
nortel:centrex_ip_element_managernortel centrex ip element managereq*
Rows per page:
1-10 of 161

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2007-5638
2007-10-23 17:00:00
prion
prion
Design/Logic Flaw
2007-10-23 17:46:00
nvd
nvd
CVE-2007-5638
2007-10-23 17:46:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON
Related for CVE-2007-5638
cvelist1prion1nvd1