History: Oct 23, 2007 - 5:46 p.m.

CVE-2007-5640

2007-10-23 17:46:00
web.nvd.nist.gov
nortel
unistim
ip softphone
remote attack
block calls
re-registration
spoofed resume message
signaling server
cve-2007-5640

CVSS2: 7.1 High

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.021 Low (Percentile: 89.3%)

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.

Affected configurations

NVD

Node
nortel multimedia_communication_server_5100
OR
nortel multimedia_communication_server_5200
AND
nortel communications_server (version 1000e)
OR
nortel communications_server (version 1000m)
OR
nortel communications_server (version 1000s)
OR
nortel communications_server (version 2100)
OR
nortel ip_audio_conference_phone_2033
OR
nortel ip_phone_1110
OR
nortel ip_phone_1120e
OR
nortel ip_phone_1140e
OR
nortel ip_phone_1150e
OR
nortel ip_phone_2001
OR
nortel ip_phone_2002
OR
nortel ip_phone_2004
OR
nortel ip_phone_2007
OR
nortel wlan_handset_2210
OR
nortel wlan_handset_2211
OR
nortel wlan_handset_2212
OR
nortel wlan_handset_6120
OR
nortel wlan_handset_6140
AND
nortel business_communications_manager (version 50)
OR
nortel business_communications_manager (version 50a)
OR
nortel business_communications_manager (version 50e)
OR
nortel business_communications_manager (version 200)
OR
nortel business_communications_manager (version 400)
OR
nortel business_communications_manager (version 1000)
OR
nortel business_communications_manager (version srg50)
OR
nortel business_communications_manager (version srg200)
OR
nortel centrex_ip_client_manager
OR
nortel centrex_ip_element_manager
OR
nortel meridian_option_11c
OR
nortel meridian_option_51c
OR
nortel meridian_option_61c
OR
nortel meridian_option_81c
OR
nortel meridian_sl100 (version cs2100)
OR
nortel mobile_voice_client_2050
