CVE-2007-5640

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/41772
http://secunia.com/advisories/27234	Vendor Advisory
http://securityreason.com/securityalert/3274
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641	Patch
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt	Exploit
http://www.securityfocus.com/archive/1/482481/100/0/threaded
http://www.securityfocus.com/bid/26124
https://exchange.xforce.ibmcloud.com/vulnerabilities/37254
http://osvdb.org/41772
http://secunia.com/advisories/27234	Vendor Advisory
http://securityreason.com/securityalert/3274
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641	Patch
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt	Exploit
http://www.securityfocus.com/archive/1/482481/100/0/threaded
http://www.securityfocus.com/bid/26124
https://exchange.xforce.ibmcloud.com/vulnerabilities/37254

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nortel:multimedia_communication_server_5100::::::::
	cpe:2.3:a:nortel:multimedia_communication_server_5200::::::::

OR	cpe:2.3:a:nortel:communications_server:1000e:::::::*
	cpe:2.3:a:nortel:communications_server:1000m:::::::*
	cpe:2.3:a:nortel:communications_server:1000s:::::::*
	cpe:2.3:a:nortel:communications_server:2100:::::::*
	cpe:2.3:h:nortel:ip_audio_conference_phone_2033::::::::
	cpe:2.3:h:nortel:ip_phone_1110::::::::
	cpe:2.3:h:nortel:ip_phone_1120e::::::::
	cpe:2.3:h:nortel:ip_phone_1140e::::::::
	cpe:2.3:h:nortel:ip_phone_1150e::::::::
	cpe:2.3:h:nortel:ip_phone_2001::::::::
	cpe:2.3:h:nortel:ip_phone_2002::::::::
	cpe:2.3:h:nortel:ip_phone_2004::::::::
	cpe:2.3:h:nortel:ip_phone_2007::::::::
	cpe:2.3:h:nortel:wlan_handset_2210::::::::
	cpe:2.3:h:nortel:wlan_handset_2211::::::::
	cpe:2.3:h:nortel:wlan_handset_2212::::::::
	cpe:2.3:h:nortel:wlan_handset_6120::::::::
	cpe:2.3:h:nortel:wlan_handset_6140::::::::

OR	cpe:2.3:a:nortel:business_communications_manager:50:::::::*
	cpe:2.3:a:nortel:business_communications_manager:50a:::::::*
	cpe:2.3:a:nortel:business_communications_manager:50e:::::::*
	cpe:2.3:a:nortel:business_communications_manager:200:::::::*
	cpe:2.3:a:nortel:business_communications_manager:400:::::::*
	cpe:2.3:a:nortel:business_communications_manager:1000:::::::*
	cpe:2.3:a:nortel:business_communications_manager:srg50:::::::*
	cpe:2.3:a:nortel:business_communications_manager:srg200:::::::*
	cpe:2.3:a:nortel:centrex_ip_client_manager::::::::
	cpe:2.3:a:nortel:centrex_ip_element_manager::::::::
	cpe:2.3:a:nortel:meridian_option_11c::::::::
	cpe:2.3:a:nortel:meridian_option_51c::::::::
	cpe:2.3:a:nortel:meridian_option_61c::::::::
	cpe:2.3:a:nortel:meridian_option_81c::::::::
	cpe:2.3:a:nortel:meridian_sl100:cs2100:::::::*
	cpe:2.3:a:nortel:mobile_voice_client_2050::::::::

History

21 Nov 2024, 00:38

Type	Values Removed	Values Added
References	~~() http://osvdb.org/41772 -~~	() http://osvdb.org/41772 -
References	~~() http://secunia.com/advisories/27234 - Vendor Advisory~~	() http://secunia.com/advisories/27234 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/3274 -~~	() http://securityreason.com/securityalert/3274 -
References	~~() http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641 - Patch~~	() http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641 - Patch
References	~~() http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt - Exploit~~	() http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt - Exploit
References	~~() http://www.securityfocus.com/archive/1/482481/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/482481/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/26124 -~~	() http://www.securityfocus.com/bid/26124 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/37254 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/37254 -

Information

Published : 2007-10-23 17:46

Updated : 2025-04-09 00:30

NVD link : CVE-2007-5640

Mitre link : CVE-2007-5640

CVE.ORG link : CVE-2007-5640

JSON object : View

Products Affected

nortel

meridian_option_61c
ip_phone_1150e
ip_phone_1140e
ip_phone_2007
meridian_sl100
ip_phone_2001
wlan_handset_2210
ip_audio_conference_phone_2033
ip_phone_1110
wlan_handset_2212
meridian_option_51c
meridian_option_81c
ip_phone_2004
multimedia_communication_server_5100
business_communications_manager
wlan_handset_6120
centrex_ip_element_manager
wlan_handset_6140
meridian_option_11c
ip_phone_1120e
ip_phone_2002
mobile_voice_client_2050
centrex_ip_client_manager
multimedia_communication_server_5200
communications_server
wlan_handset_2211

CWE

NVD-CWE-noinfo

{"id": "CVE-2007-5640", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-10-23T17:46:00.000", "references": [{"url": "http://osvdb.org/41772", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27234", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3274", "source": "cve@mitre.org"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26124", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/41772", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27234", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3274", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/26124", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration."}, {"lang": "es", "value": "El Nortel UNIStim IP Softphone 2050, IP Phone 1140E,y productos adicionales Nortel desde el IP Phone, Business Communications Manager (BCM), Mobile Voice Client, y otras l\u00edneas de producto, permite a atacantes remotos bloquear llamadas y forzar la re-registro a trav\u00e9s de un mensaje de reanudaci\u00f3n en Server que tiene un direcci\u00f3n IP fuente falsa para el tel\u00e9fono. NOTA: el atacantes es m\u00e1s destructivo si un nuevo mensaje de reanudaci\u00f3n falso es env\u00edado despu\u00e9s de cada re-registro."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5"}, {"criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EBEF64C-2B98-4961-8E2A-C59EA894FE0F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EDBAFA1-329A-4321-990F-9B0972D286E8"}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9559937B-8F87-49AB-B572-2DB3477CB1BB"}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA45C92F-3CDF-41A3-BD3F-E9725338E61F"}, {"criteria": "cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D7FC9EB-4BF5-45C2-A260-ADF4CC218700"}, {"criteria": "cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3725D9C-E702-45F8-A647-BAA86EA060C6"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC7EA846-6B58-4F88-91B2-770388BE5E2C"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D9593EEF-CAC3-455B-972D-5DD2FE4802C2"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1482953-C22F-4FA7-B262-52B136F578CB"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64B644B1-F5B9-4420-9908-CB4770B3F600"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "645B8DCD-27BB-46B2-A41E-4EBC0674AD4C"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D52E4B37-7699-41D0-A9B7-965A01808607"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238"}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76E5B7F9-8163-441D-8900-1FD60AC3579C"}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C7F1EFF9-42CB-4F10-940F-E397ED56D423"}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A490C36-F529-4448-A8DE-BE2C74041E19"}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7A9DC40-0269-403C-8D86-4EE094C5493E"}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "54772D2C-5460-4C63-A22A-DBBC497BFBA6"}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52D18F26-40F0-4041-95B0-6A2153DD1261"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF498EA6-EF04-43A1-9627-E4B77928AAA2"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BB4BDA-893E-4912-9323-3F225435AE7F"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6C8AB15-D6F2-4F06-81BB-9D54F692CA24"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F49ECAF3-0922-4C6B-A991-93504457668A"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E34503FD-5462-4D07-B626-A0061EDB6DC8"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2401C82A-BC79-435D-B921-FEE8DD3129C7"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D29C329-4026-459C-A8F0-67BEF104FCFC"}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A91B8617-7E5F-4373-8A8F-B27F4F3B1699"}, {"criteria": "cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B037DA-B11F-41DA-A63A-7FFB88794BD5"}, {"criteria": "cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE819C43-881A-4209-BC25-B0CDF08313F0"}, {"criteria": "cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C791034-CF75-4779-AB1B-DF7A67361A85"}, {"criteria": "cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5D5C794-DF6D-492F-B34B-CDBB364C7168"}, {"criteria": "cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9CBF345-9D72-459A-ADA2-33DE3A25D156"}, {"criteria": "cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B726AC5D-3270-40D8-9783-F068A682A82D"}, {"criteria": "cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B42739-60EB-4A93-85B6-1A95DF36BD51"}, {"criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.1 /10