CVE-2008-6564

Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
http://www.securitytracker.com/id?1019847
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455	Vendor Advisory
http://osvdb.org/44379
http://secunia.com/advisories/29747
http://www.securityfocus.com/bid/28691
https://exchange.xforce.ibmcloud.com/vulnerabilities/41801

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:nortel:unistim_protocol::::::::
	cpe:2.3:a:nortel:communication_server_1000::::::::

Information

Published : 2009-03-31 10:30

Updated : 2017-08-16 18:29

NVD link : CVE-2008-6564

Mitre link : CVE-2008-6564

JSON object : View

CWE

NVD-CWE-Other

Products Affected

nortel

communication_server_1000
unistim_protocol

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC", "name": "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC", "tags": [], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id?1019847", "name": "1019847", "tags": [], "refsource": "SECTRACK"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455", "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/44379", "name": "44379", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/29747", "name": "29747", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28691", "name": "28691", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41801", "name": "nortel-unistim-dos(41801)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-6564", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-03-31T17:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:nortel:unistim_protocol:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nortel:communication_server_1000:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:29Z"}

7.6 /10