Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5638

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.

Published

2007-10-23T17:46:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nortel	multimedia_communication_server_5100	*	No
Application	nortel	multimedia_communication_server_5200	*	No
Application	nortel	communications_server	1000e	No
Application	nortel	communications_server	1000m	No
Application	nortel	communications_server	1000s	No
Application	nortel	communications_server	2100	No
Hardware	nortel	ip_audio_conference_phone_2033	*	No
Hardware	nortel	ip_phone_1110	*	No
Hardware	nortel	ip_phone_1120e	*	No
Hardware	nortel	ip_phone_1140e	*	No
Hardware	nortel	ip_phone_1150e	*	No
Hardware	nortel	ip_phone_2001	*	No
Hardware	nortel	ip_phone_2002	*	No
Hardware	nortel	ip_phone_2004	*	No
Hardware	nortel	ip_phone_2007	*	No
Hardware	nortel	wlan_handset_2210	*	No
Hardware	nortel	wlan_handset_2211	*	No
Hardware	nortel	wlan_handset_2212	*	No
Hardware	nortel	wlan_handset_6120	*	No
Hardware	nortel	wlan_handset_6140	*	No
Application	nortel	business_communications_manager	50	Yes
Application	nortel	business_communications_manager	50a	Yes
Application	nortel	business_communications_manager	50e	Yes
Application	nortel	business_communications_manager	200	Yes
Application	nortel	business_communications_manager	400	Yes
Application	nortel	business_communications_manager	1000	Yes
Application	nortel	business_communications_manager	srg50	Yes
Application	nortel	business_communications_manager	srg200	Yes
Application	nortel	centrex_ip_client_manager	*	Yes
Application	nortel	centrex_ip_element_manager	*	Yes
Application	nortel	meridian_option_11c	*	Yes
Application	nortel	meridian_option_51c	*	Yes
Application	nortel	meridian_option_61c	*	Yes
Application	nortel	meridian_option_81c	*	Yes
Application	nortel	meridian_sl100	cs2100	Yes
Application	nortel	mobile_voice_client_2050	*	Yes

References

http://osvdb.org/41770 ([email protected])
http://secunia.com/advisories/27234 Patch, Vendor Advisory ([email protected])
http://securityreason.com/securityalert/3272 ([email protected])
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt Exploit ([email protected])
http://www.securityfocus.com/archive/1/482478/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/26120 Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/42881 ([email protected])
http://osvdb.org/41770 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27234 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3272 (af854a3a-2127-422b-91ae-364da2661108)
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/482478/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/26120 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42881 (af854a3a-2127-422b-91ae-364da2661108)