CVE-2008-5871

Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223
http://voipshield.com/research-details.php?id=119
http://secunia.com/advisories/32203	Vendor Advisory
http://www.securityfocus.com/bid/31640
http://www.vupen.com/english/advisories/2008/2779
https://exchange.xforce.ibmcloud.com/vulnerabilities/45752

Configurations

Configuration 1 (hide)

cpe:2.3:a:nortel:multimedia_communication_server_5100:3.0.13:*:*:*:*:*:*:*

Information

Published : 2009-01-08 10:30

Updated : 2017-08-07 18:33

NVD link : CVE-2008-5871

Mitre link : CVE-2008-5871

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

nortel

multimedia_communication_server_5100

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223", "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223", "tags": [], "refsource": "CONFIRM"}, {"url": "http://voipshield.com/research-details.php?id=119", "name": "http://voipshield.com/research-details.php?id=119", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/32203", "name": "32203", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/31640", "name": "31640", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/2779", "name": "ADV-2008-2779", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45752", "name": "nortel-mcs-snoop-weak-security(45752)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5871", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-01-08T18:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nortel:multimedia_communication_server_5100:3.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:33Z"}

6.4 /10