Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5638

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5638
Last Modified 12 Feb 2009 01:36:15
Published 23 Oct 2007 01:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5638

Summary

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.

Vulnerable Systems

Application

  • Nortel Business Communications Manager 1000

  • Nortel Business Communications Manager 200

  • Nortel Business Communications Manager 400

  • Nortel Business Communications Manager 50

  • Nortel Business Communications Manager 50a

  • Nortel Business Communications Manager 50e

  • Nortel Business Communications Manager Srg200

  • Nortel Business Communications Manager Srg50

  • Nortel Centrex Ip Client Manager

  • Nortel Centrex Ip Element Manager

  • Nortel Meridian Option 11c

  • Nortel Meridian Option 51c

  • Nortel Meridian Option 61c

  • Nortel Meridian Option 81c

  • Nortel Meridian Sl100 Cs2100

  • Nortel Mobile Voice Client 2050


References

SECUNIA - 27234

XF - nortel-ipphone-audiostream-spoofing(42881)

XF - nortel-ipphone-unistim-audio-hijacking(37255)

BID - 26120

BUGTRAQ - 20071018 Nortel IP Phone Surveillance Mode

MISC - http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt

OSVDB - 41770

SREASON - 3272


Last Updated: 27 May 2016 10:46:14