Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5639

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2007-5639
Last Modified 05 Sep 2008 05:31:17
Published 23 Oct 2007 01:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5639

Summary

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.

Vulnerable Systems

Application

  • Nortel Ip Softphone 2050

  • Nortel Mobile Voice Client 2050


References

BID - 26122

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715

XF - nortel-ipphone-spoof-dos(37253)

BUGTRAQ - 20071018 Nortel IP Phone Flooding Denial of Service

MISC - http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_flooding_denial_of_service_v1.0.txt

SREASON - 3273


Last Updated: 27 May 2016 10:46:14