CVE-2007-5637 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2007-5637

Modified

More Info Official Page

Source-cve@mitre.org

Published At-23 Oct, 2007 | 17:46

Updated At-15 Oct, 2018 | 21:45

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

nortel>>multimedia_communication_server_5100>>*

cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*

nortel>>multimedia_communication_server_5200>>*

cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*

nortel>>communications_server>>1000e

cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*

nortel>>communications_server>>1000m

cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*

nortel>>communications_server>>1000s

cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*

nortel>>communications_server>>2100

cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*

nortel>>ip_audio_conference_phone_2033>>*

cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*

nortel>>ip_phone_1110>>*

cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*

nortel>>ip_phone_1120e>>*

cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*

nortel>>ip_phone_1140e>>*

cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*

nortel>>ip_phone_1150e>>*

cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*

nortel>>ip_phone_2001>>*

cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*

nortel>>ip_phone_2002>>*

cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*

nortel>>ip_phone_2004>>*

cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*

nortel>>ip_phone_2007>>*

cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*

nortel>>wlan_handset_2210>>*

cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*

nortel>>wlan_handset_2211>>*

cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*

nortel>>wlan_handset_2212>>*

cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*

nortel>>wlan_handset_6120>>*

cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*

nortel>>wlan_handset_6140>>*

cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*

nortel>>business_communications_manager>>50

cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*

nortel>>business_communications_manager>>50a

cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*

nortel>>business_communications_manager>>50e

cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*

nortel>>business_communications_manager>>200

cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*

nortel>>business_communications_manager>>400

cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*

nortel>>business_communications_manager>>1000

cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*

nortel>>business_communications_manager>>srg50

cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*

nortel>>business_communications_manager>>srg200

cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*

nortel>>centrex_ip_client_manager>>*

cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*

nortel>>centrex_ip_element_manager>>*

cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*

nortel>>meridian_option_11c>>*

cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*

nortel>>meridian_option_51c>>*

cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*

nortel>>meridian_option_61c>>*

cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*

nortel>>meridian_option_81c>>*

cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*

nortel>>meridian_sl100>>cs2100

cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*

nortel>>mobile_voice_client_2050>>*

cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/41769	cve@mitre.org	N/A
http://secunia.com/advisories/27234	cve@mitre.org	Vendor Advisory
http://securityreason.com/securityalert/3272	cve@mitre.org	N/A
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714	cve@mitre.org	Patch
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/482478/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/26120	cve@mitre.org	Exploit Patch
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255	cve@mitre.org	N/A

Hyperlink: http://osvdb.org/41769

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/27234

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://securityreason.com/securityalert/3272

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/482478/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/26120

Source: cve@mitre.org

Resource:

Exploit

Patch

Hyperlink: http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37255

Source: cve@mitre.org

Resource: N/A