CVE-2007-5640

Severity Score

7.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.

El Nortel UNIStim IP Softphone 2050, IP Phone 1140E,y productos adicionales Nortel desde el IP Phone, Business Communications Manager (BCM), Mobile Voice Client, y otras líneas de producto, permite a atacantes remotos bloquear llamadas y forzar la re-registro a través de un mensaje de reanudación en Server que tiene un dirección IP fuente falsa para el teléfono. NOTA: el atacantes es más destructivo si un nuevo mensaje de reanudación falso es envíado después de cada re-registro.

*Credits: N/A

CVSS Scores

NISTv2 7.1

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-10-23 CVE Reserved
2007-10-23 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-10-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (8)

URL	Tag	Source
http://osvdb.org/41772	Vdb Entry
http://securityreason.com/securityalert/3274	Third Party Advisory
http://www.securityfocus.com/archive/1/482481/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26124	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37254	Vdb Entry

URL	Date	SRC
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt	2024-08-07

URL	Date	SRC
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641	2018-10-15

URL	Date	SRC
http://secunia.com/advisories/27234	2018-10-15

Affected Vendors, Products, and Versions

Match found for: AND_3_NODES_OR__AP_AP_AP_PART1_MIXED__VULN0_False_VULN1_False_VULN2_True

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status