CVE-2007-5640

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt	Exploit
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641	Patch
http://www.securityfocus.com/bid/26124
http://secunia.com/advisories/27234	Vendor Advisory
http://securityreason.com/securityalert/3274
http://osvdb.org/41772
https://exchange.xforce.ibmcloud.com/vulnerabilities/37254
http://www.securityfocus.com/archive/1/482481/100/0/threaded

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nortel:multimedia_communication_server_5100::::::::
	cpe:2.3:a:nortel:multimedia_communication_server_5200::::::::

OR	cpe:2.3:a:nortel:communications_server:1000m:::::::*
	cpe:2.3:a:nortel:communications_server:1000s:::::::*
	cpe:2.3:h:nortel:ip_phone_2001::::::::
	cpe:2.3:h:nortel:ip_phone_2002::::::::
	cpe:2.3:h:nortel:wlan_handset_6140::::::::
	cpe:2.3:h:nortel:ip_phone_1110::::::::
	cpe:2.3:h:nortel:ip_phone_1120e::::::::
	cpe:2.3:h:nortel:wlan_handset_2210::::::::
	cpe:2.3:h:nortel:wlan_handset_2211::::::::
	cpe:2.3:a:nortel:communications_server:1000e:::::::*
	cpe:2.3:h:nortel:ip_phone_1140e::::::::
	cpe:2.3:h:nortel:wlan_handset_6120::::::::
	cpe:2.3:h:nortel:ip_phone_1150e::::::::
	cpe:2.3:h:nortel:ip_audio_conference_phone_2033::::::::
	cpe:2.3:a:nortel:communications_server:2100:::::::*
	cpe:2.3:h:nortel:ip_phone_2007::::::::
	cpe:2.3:h:nortel:wlan_handset_2212::::::::
	cpe:2.3:h:nortel:ip_phone_2004::::::::

OR	cpe:2.3:a:nortel:business_communications_manager:srg50:::::::*
	cpe:2.3:a:nortel:centrex_ip_client_manager::::::::
	cpe:2.3:a:nortel:mobile_voice_client_2050::::::::
	cpe:2.3:a:nortel:business_communications_manager:400:::::::*
	cpe:2.3:a:nortel:business_communications_manager:50:::::::*
	cpe:2.3:a:nortel:business_communications_manager:50a:::::::*
	cpe:2.3:a:nortel:meridian_option_51c::::::::
	cpe:2.3:a:nortel:meridian_option_61c::::::::
	cpe:2.3:a:nortel:business_communications_manager:50e:::::::*
	cpe:2.3:a:nortel:business_communications_manager:srg200:::::::*
	cpe:2.3:a:nortel:meridian_option_81c::::::::
	cpe:2.3:a:nortel:centrex_ip_element_manager::::::::
	cpe:2.3:a:nortel:meridian_option_11c::::::::
	cpe:2.3:a:nortel:business_communications_manager:200:::::::*
	cpe:2.3:a:nortel:meridian_sl100:cs2100:::::::*
	cpe:2.3:a:nortel:business_communications_manager:1000:::::::*

Information

Published : 2007-10-23 10:46

Updated : 2018-10-15 14:45

NVD link : CVE-2007-5640

Mitre link : CVE-2007-5640

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

nortel

ip_phone_2001
multimedia_communication_server_5100
ip_phone_1140e
centrex_ip_element_manager
wlan_handset_2210
meridian_sl100
multimedia_communication_server_5200
wlan_handset_6120
ip_phone_1120e
meridian_option_51c
wlan_handset_2211
ip_audio_conference_phone_2033
meridian_option_11c
ip_phone_2004
meridian_option_81c
centrex_ip_client_manager
ip_phone_1150e
mobile_voice_client_2050
ip_phone_2002
ip_phone_1110
ip_phone_2007
business_communications_manager
wlan_handset_2212
communications_server
wlan_handset_6140
meridian_option_61c

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt", "name": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_forced_re-authentication_v1.0.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641", "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/26124", "name": "26124", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/27234", "name": "27234", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3274", "name": "3274", "tags": [], "refsource": "SREASON"}, {"url": "http://osvdb.org/41772", "name": "41772", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37254", "name": "nortel-ipphone-register-dos(37254)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/482481/100/0/threaded", "name": "20071018 Nortel IP Phone forced re-authentication", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5640", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-10-23T17:46Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T21:45Z"}

7.1 /10