Lucene search

MitreCVE-2007-5639

HistoryOct 23, 2007 - 5:46 p.m.

CVE-2007-5639

2007-10-2317:46:00

mitre

web.nvd.nist.gov

nortel

unistim

ip softphone

2050

ip phone 1140e

denial of service

security vulnerability

cve-2007-5639

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.

Affected configurations

Nvd

Node

nortelip_audio_conference_phone_2033

nortelip_phone_1110

nortelip_phone_1120e

nortelip_phone_1140e

nortelip_phone_1150e

nortelip_phone_2001

nortelip_phone_2002

nortelip_phone_2004

nortelwlan_handset_2210

nortelwlan_handset_2211

nortelwlan_handset_2212

nortelwlan_handset_6120

nortelwlan_handset_6140

AND

nortelip_softphone_2050

nortelmobile_voice_client_2050

VendorProductVersionCPE
nortelip_audio_conference_phone_2033*cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*
nortelip_phone_1110*cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*
nortelip_phone_1120e*cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*
nortelip_phone_1140e*cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*
nortelip_phone_1150e*cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*
nortelip_phone_2001*cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*
nortelip_phone_2002*cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*
nortelip_phone_2004*cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*
nortelwlan_handset_2210*cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*
nortelwlan_handset_2211*cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nortel	ip_audio_conference_phone_2033	*	cpe:2.3:h:nortel:ip_audio_conference_phone_2033::::::::
nortel	ip_phone_1110	*	cpe:2.3:h:nortel:ip_phone_1110::::::::
nortel	ip_phone_1120e	*	cpe:2.3:h:nortel:ip_phone_1120e::::::::
nortel	ip_phone_1140e	*	cpe:2.3:h:nortel:ip_phone_1140e::::::::
nortel	ip_phone_1150e	*	cpe:2.3:h:nortel:ip_phone_1150e::::::::
nortel	ip_phone_2001	*	cpe:2.3:h:nortel:ip_phone_2001::::::::
nortel	ip_phone_2002	*	cpe:2.3:h:nortel:ip_phone_2002::::::::
nortel	ip_phone_2004	*	cpe:2.3:h:nortel:ip_phone_2004::::::::
nortel	wlan_handset_2210	*	cpe:2.3:h:nortel:wlan_handset_2210::::::::
nortel	wlan_handset_2211	*	cpe:2.3:h:nortel:wlan_handset_2211::::::::

Rows per page:

1-10 of 151

References

securityreason.com/securityalert/3273

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715

www.csnc.ch/static/advisory/csnc/nortel_IP_phone_flooding_denial_of_service_v1.0.txt

www.securityfocus.com/archive/1/482480/100/0/threaded

www.securityfocus.com/bid/26122

exchange.xforce.ibmcloud.com/vulnerabilities/37253

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.7

Confidence

High

EPSS

0.021

Percentile

89.4%

JSON

Related for CVE-2007-5639