Nortel CS1000 ELAN Remote Denial of Service Vulnerability
BID:26113
Info
Nortel CS1000 ELAN Remote Denial of Service Vulnerability
| Bugtraq ID: | 26113 |
| Class: | Unknown |
| CVE: |
CVE-2007-5591 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Nov 15 2007 12:39AM |
| Credit: | The vendor credits Daniel Stirnimann and Cyrill Brunschwiler from Compass Security Network Computing AG with the discovery of this issue. |
| Vulnerable: |
Nortel Networks Meridian 1 - Option 81C 0 Nortel Networks Meridian 1 - Option 61C 0 Nortel Networks Meridian 1 - Option 51C 0 Nortel Networks Meridian 1 - Option 11C 0 Nortel Networks Communication Server 1000S Nortel Networks Communication Server 1000M Cabinet/Chassi Nortel Networks Communication Server 1000E |
| Not Vulnerable: | |
Discussion
Nortel CS1000 ELAN Remote Denial of Service Vulnerability
Nortel CS1000 products are prone to a remote denial-of-service vulnerability due to an unspecified error in processing packets sent to ELAN interfaces.
Attackers can exploit this issue to disable the server and cause denial-of-service conditions for all attached users.
These versions are vulnerable:
Nortel Enterprise VoIP-Core-CS 1000E, 1000S, and 1000M Cabinet/Chassi
Nortel Meridian-Core-Option 11C - Cabinet, 11C - Chassis, 51C, 61C, 81C
Nortel CS1000 products are prone to a remote denial-of-service vulnerability due to an unspecified error in processing packets sent to ELAN interfaces.
Attackers can exploit this issue to disable the server and cause denial-of-service conditions for all attached users.
These versions are vulnerable:
Nortel Enterprise VoIP-Core-CS 1000E, 1000S, and 1000M Cabinet/Chassi
Nortel Meridian-Core-Option 11C - Cabinet, 11C - Chassis, 51C, 61C, 81C
Exploit / POC
Nortel CS1000 ELAN Remote Denial of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Nortel CS1000 ELAN Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Nortel CS1000 ELAN Remote Denial of Service Vulnerability
References:
References:
- Nortel Networks Homepage (Nortel Networks)
- Nortel Telephony Server Denial of Service ([email protected])
- Nortel Networks Advisory 2007008384: CS1000 DoS Vulnerability (Nortel Networks)