Vulnerability Description
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nortel | Multimedia Communication Server 5100 | All versions |
| Nortel | Multimedia Communication Server 5200 | All versions |
| Nortel | Communications Server | 1000e |
| Nortel | Ip Audio Conference Phone 2033 | All versions |
| Nortel | Ip Phone 1110 | All versions |
| Nortel | Ip Phone 1120E | All versions |
| Nortel | Ip Phone 1140E | All versions |
| Nortel | Ip Phone 1150E | All versions |
| Nortel | Ip Phone 2001 | All versions |
| Nortel | Ip Phone 2002 | All versions |
| Nortel | Ip Phone 2004 | All versions |
| Nortel | Ip Phone 2007 | All versions |
| Nortel | Wlan Handset 2210 | All versions |
| Nortel | Wlan Handset 2211 | All versions |
| Nortel | Wlan Handset 2212 | All versions |
| Nortel | Wlan Handset 6120 | All versions |
| Nortel | Wlan Handset 6140 | All versions |
| Nortel | Business Communications Manager | 50 |
| Nortel | Centrex Ip Client Manager | All versions |
| Nortel | Centrex Ip Element Manager | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/41770
- http://secunia.com/advisories/27234PatchVendor Advisory
- http://securityreason.com/securityalert/3272
- http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.tExploit
- http://www.securityfocus.com/archive/1/482478/100/0/threaded
- http://www.securityfocus.com/bid/26120Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42881
- http://osvdb.org/41770
- http://secunia.com/advisories/27234PatchVendor Advisory
- http://securityreason.com/securityalert/3272
- http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.tExploit
- http://www.securityfocus.com/archive/1/482478/100/0/threaded
- http://www.securityfocus.com/bid/26120Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37255
FAQ
What is CVE-2007-5638?
CVE-2007-5638 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values ...
How severe is CVE-2007-5638?
CVE-2007-5638 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5638?
Check the references section above for vendor advisories and patch information. Affected products include: Nortel Multimedia Communication Server 5100, Nortel Multimedia Communication Server 5200, Nortel Communications Server, Nortel Ip Audio Conference Phone 2033, Nortel Ip Phone 1110.