CVE-2007-2334
https://notcve.org/view.php?id=CVE-2007-2334
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. Nortel VPN Router (también conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 5_05.149, 5_05.3xx anterior 5_05.304, y 6.x anterior 6_05.140 tiene dos archivos de plantilla html que carecen de ciertas etiquetas de verificación, lo cual podría permitir a atacantes remotos acceder a la interfaz de administrador y cambiar los controladores de configuración a través de ciertas respuestas. • http://osvdb.org/35056 http://secunia.com/advisories/24962 http://www.securityfocus.com/bid/23562 http://www.securitytracker.com/id?1017943 http://www.vupen.com/english/advisories/2007/1464 http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null •
CVE-2007-2333
https://notcve.org/view.php?id=CVE-2007-2333
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. Nortel VPN Router (también conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 5_05.149, 5_05.3xx anterior 5_05.304, y 6.x anterior 6_05.140 incluyen las cuentas por defecto FIPSecryptedtest1219 y FIPSunecryptedtest1219 en la plantilla LDAP, lo cual podría permitir a atacantes remotos acceder a la red privada. • http://osvdb.org/35055 http://secunia.com/advisories/24962 http://www.securityfocus.com/bid/23562 http://www.securitytracker.com/id?1017943 http://www.vupen.com/english/advisories/2007/1464 http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null •
CVE-2005-2579
https://notcve.org/view.php?id=CVE-2005-2579
Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. • http://marc.info/?l=bugtraq&m=112370730131219&w=2 •
CVE-2005-1802
https://notcve.org/view.php?id=CVE-2005-1802
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. • http://securitytracker.com/id?1014068 http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos http://www.securityfocus.com/archive/1/399423 http://www.securityfocus.com/bid/13792 •
CVE-2005-0844
https://notcve.org/view.php?id=CVE-2005-0844
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111151589203707&w=2 http://securitytracker.com/id?1013512 http://www.nta-monitor.com/news/vpn-flaws/nortel/nortel-client https://exchange.xforce.ibmcloud.com/vulnerabilities/19791 • CWE-310: Cryptographic Issues •