Lucene search

MitreCVE-2008-6564

HistoryMar 31, 2009 - 5:30 p.m.

CVE-2008-6564

2009-03-3117:30:00

mitre

web.nvd.nist.gov

nortel

unistim

protocol

vulnerability

communication server 1000

nortel unistim

cve-2008-6564

security

hijack sessions

sniffing

brute force attack

remote attackers

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.

Affected configurations

Nvd

Node

nortelcommunication_server_1000

nortelunistim_protocol

VendorProductVersionCPE
nortelcommunication_server_1000*cpe:2.3:a:nortel:communication_server_1000:*:*:*:*:*:*:*:*
nortelunistim_protocol*cpe:2.3:h:nortel:unistim_protocol:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nortel	communication_server_1000	*	cpe:2.3:a:nortel:communication_server_1000::::::::
nortel	unistim_protocol	*	cpe:2.3:h:nortel:unistim_protocol::::::::

References

osvdb.org/44379

secunia.com/advisories/29747

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455

www.securityfocus.com/bid/28691

www.securitytracker.com/id?1019847

www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

exchange.xforce.ibmcloud.com/vulnerabilities/41801

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.015

Percentile

87.2%

JSON

Related for CVE-2008-6564