ID CVE-2007-5639
Summary The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.
References
Vulnerable Configurations
  • cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*
  • cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*
  • cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*
  • cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 15-10-2018 - 21:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid 26122
bugtraq 20071018 Nortel IP Phone Flooding Denial of Service
confirm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715
misc http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_flooding_denial_of_service_v1.0.txt
sreason 3273
xf nortel-ipphone-spoof-dos(37253)
Last major update 15-10-2018 - 21:45
Published 23-10-2007 - 17:46
Last modified 15-10-2018 - 21:45