CVE-2007-2334

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.

Nortel VPN Router (también conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 5_05.149, 5_05.3xx anterior 5_05.304, y 6.x anterior 6_05.140 tiene dos archivos de plantilla html que carecen de ciertas etiquetas de verificación, lo cual podría permitir a atacantes remotos acceder a la interfaz de administrador y cambiar los controladores de configuración a través de ciertas respuestas.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-04-27 CVE Reserved
2007-04-27 CVE Published
2024-04-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
http://osvdb.org/35056	Vdb Entry
http://www.securityfocus.com/bid/23562	Vdb Entry
http://www.vupen.com/english/advisories/2007/1464	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/24962	2011-03-08
http://www.securitytracker.com/id?1017943	2011-03-08
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null	2011-03-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nortel Search vendor "Nortel"		Contivity Search vendor "Nortel" for product "Contivity"				1000_vpn_switch Search vendor "Nortel" for product "Contivity" and version "1000_vpn_switch"		-		Affected
Nortel Search vendor "Nortel"		Contivity Search vendor "Nortel" for product "Contivity"				2000_vpn_switch Search vendor "Nortel" for product "Contivity" and version "2000_vpn_switch"		-		Affected
Nortel Search vendor "Nortel"		Contivity Search vendor "Nortel" for product "Contivity"				4000_vpn_switch Search vendor "Nortel" for product "Contivity" and version "4000_vpn_switch"		-		Affected
Nortel Search vendor "Nortel"		Vpn Router 5000 Search vendor "Nortel" for product "Vpn Router 5000"				*		-		Affected