CVSS: 7.6EPSS: 1%CPEs: 2EXPL: 0CVE-2008-6564
https://notcve.org/view.php?id=CVE-2008-6564
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. Protocolo Nortel UNIStim, utilizado en Communication Server 1000 y otros productos, utiliza números de secuencia predecibles, lo que permite a atacantes remotos secuestrar seisiones a través de ataques de rastreo o fuerza bruta. • http://osvdb.org/44379 http://secunia.com/advisories/29747 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455 http://www.securityfocus.com/bid/28691 http://www.securitytracker.com/id?1019847 http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC https://exchange.xforce.ibmcloud.com/vulnerabilities/41801 •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-5872
https://notcve.org/view.php?id=CVE-2008-5872
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. Múltiples vulnerabilidades no especificadas en el Protocolo de Transferencia de Ficheros UNIStim (UFTP) procesando en IP Client Manager (IPCM) en Nortel Multimedia Communication Server (MSC) 5100 v3.0.13 permite a atacantes remotos provocar una denegación de servicio (agotamiento de dispositivo) a través de un mensaje UFTP que tiene un tamaño bloqueado negativo u otros valores Connection Details manipulados. • http://secunia.com/advisories/32203 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=774845 http://voipshield.com/research-details.php?id=120 http://www.securityfocus.com/bid/31633 http://www.vupen.com/english/advisories/2008/2779 https://exchange.xforce.ibmcloud.com/vulnerabilities/45751 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5871
https://notcve.org/view.php?id=CVE-2008-5871
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. Nortel Multimedia Communication Server (MSC) 5100 v3.0.13 no verifica credenciales durante la llamada de reemplazo, lo cual permite a atacantes remotos envenenar y redireccionar llamadas VoIP, posiblemente relacionado con el comando "snoop". • http://secunia.com/advisories/32203 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223 http://voipshield.com/research-details.php?id=119 http://www.securityfocus.com/bid/31640 http://www.vupen.com/english/advisories/2008/2779 https://exchange.xforce.ibmcloud.com/vulnerabilities/45752 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 1CVE-2008-4999 – Nortel UNIStim IP Phone - Remote Ping Denial of Service
https://notcve.org/view.php?id=CVE-2008-4999
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. El teléfono IP Nortel Networks UNIStim 0604DAS , permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete ping largo ("Ping de la muerte"). Nota: Esta característica no ha podido ser reproducida por terceras partes, que lo chequearon en un 0604DAD. • https://www.exploit-db.com/exploits/31306 http://securityreason.com/securityalert/4568 http://www.securityfocus.com/archive/1/488782/100/100/threaded http://www.securityfocus.com/archive/1/488801/100/100/threaded http://www.securityfocus.com/archive/1/488803/100/100/threaded http://www.securityfocus.com/bid/28004 https://exchange.xforce.ibmcloud.com/vulnerabilities/40993 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3157
https://notcve.org/view.php?id=CVE-2008-3157
Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions. Nortel SIP Multimedia PC Client 4.x MCS5100 y MCS5200 no limita el número de sesiones simultáneas, lo cual permite a atacantes provocar una denegación de servicio (agotamiento de recursos) a través de sesiones con números largos. • http://secunia.com/advisories/30854 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738961 http://www.securitytracker.com/id?1020371 http://www.voipshield.com/research-details.php?id=61 http://www.vupen.com/english/advisories/2008/1942/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43364 • CWE-399: Resource Management Errors •