Lucene search

[email protected]CVE-2008-5871

HistoryJan 08, 2009 - 6:30 p.m.

CVE-2008-5871

2009-01-0818:30:04

CWE-255

[email protected]

web.nvd.nist.gov

nortel

msc 5100

voip

spoofing

security vulnerability

cve-2008-5871

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.

Affected configurations

NVD

Node

nortelmultimedia_communication_server_5100Match3.0.13

CPENameOperatorVersion
nortel:multimedia_communication_server_5100nortel multimedia communication server 5100eq3.0.13

CPE	Name	Operator	Version
nortel:multimedia_communication_server_5100	nortel multimedia communication server 5100	eq	3.0.13

References

secunia.com/advisories/32203

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223

voipshield.com/research-details.php?id=119

www.securityfocus.com/bid/31640

www.vupen.com/english/advisories/2008/2779

exchange.xforce.ibmcloud.com/vulnerabilities/45752

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2008-5871

cvelist1 nvd1 prion1