Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5639

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.

Security Impact Summary

CVE-2007-5639 is a security vulnerability that . Impacting 15 products from nortel, from nortel, from nortel and 12 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2007, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2007-10-23T17:46:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	nortel	ip_audio_conference_phone_2033	*	No
Hardware	nortel	ip_phone_1110	*	No
Hardware	nortel	ip_phone_1120e	*	No
Hardware	nortel	ip_phone_1140e	*	No
Hardware	nortel	ip_phone_1150e	*	No
Hardware	nortel	ip_phone_2001	*	No
Hardware	nortel	ip_phone_2002	*	No
Hardware	nortel	ip_phone_2004	*	No
Hardware	nortel	wlan_handset_2210	*	No
Hardware	nortel	wlan_handset_2211	*	No
Hardware	nortel	wlan_handset_2212	*	No
Hardware	nortel	wlan_handset_6120	*	No
Hardware	nortel	wlan_handset_6140	*	No
Application	nortel	ip_softphone_2050	*	Yes
Application	nortel	mobile_voice_client_2050	*	Yes

References

http://securityreason.com/securityalert/3273 ([email protected])
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715 Patch ([email protected])
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_flooding_denial_of_service_v1.0.txt Exploit ([email protected])
http://www.securityfocus.com/archive/1/482480/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/26122 Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/37253 ([email protected])
http://securityreason.com/securityalert/3273 (af854a3a-2127-422b-91ae-364da2661108)
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_flooding_denial_of_service_v1.0.txt Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/482480/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/26122 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37253 (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For nortel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.