CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1838
https://notcve.org/view.php?id=CVE-2012-1838
22 Mar 2012 — The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. La interfaz de gestión vía web en el switch LG-Nortel ELO GS24M permite a atacantes remotos eludir la autenticación, y por lo tanto obtener credenciales sin cifrar e información de configuración, a través de una petición directa a una página web de configuración. • http://osvdb.org/80370 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2008-6576
https://notcve.org/view.php?id=CVE-2008-6576
01 Apr 2009 — Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. Vulnerabilidad no especificada en la "sesión técnica limitada" en el servicio FTP en Nortel Communications Server 1000 (CS1K) 4.50.x, cuando se está ejecutando en VGMC o s... • http://osvdb.org/44380 •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2008-6577
https://notcve.org/view.php?id=CVE-2008-6577
01 Apr 2009 — Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. Nortel MG1000S, Signaling Server, y Call Server en el Communications Server 1000 (CS1K) 4.50.x contiene múltiples cuentas y contrseñas fijadas en código sin especificar, lo cual permite a atacantes remotos conseguir privilegios. • http://osvdb.org/44374 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2008-6578
https://notcve.org/view.php?id=CVE-2008-6578
01 Apr 2009 — Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. Múltiples vulnerabilidades no especificadas en Nortel Communication Server 1000 4.50.x permiten a atacantes remotos ejecutar comandos de su elección y conseguir privilegios, obtener información sensible, o provocar una denegación de servicio a través de vectores desconocidos. • http://osvdb.org/44375 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6579
https://notcve.org/view.php?id=CVE-2008-6579
01 Apr 2009 — Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." Nortel Communication Server 1000 4.50.x permite a atacantes remotos obtener estructuras de aplicación Web a través de vectores desconocidos relacionados con "recursos web de teléfonos y administradores". • http://osvdb.org/44377 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-6564
https://notcve.org/view.php?id=CVE-2008-6564
31 Mar 2009 — Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. Protocolo Nortel UNIStim, utilizado en Communication Server 1000 y otros productos, utiliza números de secuencia predecibles, lo que permite a atacantes remotos secuestrar seisiones a través de ataques de rastreo o fuerza bruta. • http://osvdb.org/44379 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2008-5871
https://notcve.org/view.php?id=CVE-2008-5871
08 Jan 2009 — Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. Nortel Multimedia Communication Server (MSC) 5100 v3.0.13 no verifica credenciales durante la llamada de reemplazo, lo cual permite a atacantes remotos envenenar y redireccionar llamadas VoIP, posiblemente relacionado con el comando "snoop". • http://secunia.com/advisories/32203 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-5872
https://notcve.org/view.php?id=CVE-2008-5872
08 Jan 2009 — Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. Múltiples vulnerabilidades no especificadas en el Protocolo de Transferencia de Ficheros UNIStim (UFTP) procesando en IP Client Manager (IPCM) en Nortel Multimedia Commu... • http://secunia.com/advisories/32203 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 1CVE-2008-4999 – Nortel UNIStim IP Phone - Remote Ping Denial of Service
https://notcve.org/view.php?id=CVE-2008-4999
07 Nov 2008 — Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. El teléfono IP Nortel Networks UNIStim 0604DAS , permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete ping largo ("Ping de la muerte"). Nota: Esta característ... • https://www.exploit-db.com/exploits/31306 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3157
https://notcve.org/view.php?id=CVE-2008-3157
11 Jul 2008 — Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions. Nortel SIP Multimedia PC Client 4.x MCS5100 y MCS5200 no limita el número de sesiones simultáneas, lo cual permite a atacantes provocar una denegación de servicio (agotamiento de recursos) a través de sesiones con números largos. • http://secunia.com/advisories/30854 • CWE-399: Resource Management Errors •