Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability

BID:26120

Info

Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability

Bugtraq ID: 26120
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2007-5638
CVE-2007-5637
Remote: Yes
Local: No
Published: Oct 18 2007 12:00AM
Updated: Jul 05 2016 10:00PM
Credit: Daniel Stirnimann and Cyrill Brunschwiler from Compass Security Network Computing AG are credited with discovering this issue.
Vulnerable: Nortel Networks Universal Access - IP 0
Nortel Networks Survivable Remote Gateway 50
Nortel Networks Survivable Remote Gateway 200/400
Nortel Networks Succession Multimedia Communications 0
Nortel Networks Packet Transit - IP 0
Nortel Networks Mobile Voice Client 2050
Nortel Networks Meridian 1 - Option 81C 0
Nortel Networks Meridian 1 - Option 61C 0
Nortel Networks Meridian 1 - Option 51C 0
Nortel Networks Meridian 1 - Option 11C 0
Nortel Networks Meridian 1 - Option11C Mini
Nortel Networks IP softphone 2050
Nortel Networks IP Phone 2007
Nortel Networks IP Phone 2004
Nortel Networks IP Phone 2002
Nortel Networks IP Phone 2001
Nortel Networks IP Phone 1150E
Nortel Networks IP Phone 1140E
Nortel Networks IP Phone 1120E
Nortel Networks IP Phone 1110
Nortel Networks IP Audio Conference Phone 2033
Nortel Networks Integrated Access - Cable 0
Nortel Networks Extended Peripheral Module 0
Nortel Networks Communications Server 2100
Nortel Networks Communication Server 1000S
Nortel Networks Communication Server 1000M Cabinet/Chassi
Nortel Networks Communication Server 1000E
Nortel Networks Circuit Switching 0
Nortel Networks Centrex IP Element Manager 0
Nortel Networks Centrex IP Client Manager
Nortel Networks Business Communications Manager 0
Nortel Networks BCM 50
Nortel Networks BCM 400
Nortel Networks BCM 1000
Not Vulnerable: Nortel Networks WLAN Handset 6140
Nortel Networks WLAN Handset 6120
Nortel Networks WLAN Handset 2212
Nortel Networks WLAN Handset 2211
Nortel Networks WLAN Handset 2210
Nortel Networks Multimedia Comm MCS5200
Nortel Networks Multimedia Comm MCS5100

Discussion

Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability

Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping.

Attackers can exploit this issue to open an audio channel with the phone's microphone. This will allow attackers to remotely eavesdrop on arbitrary conversations and gain potentially sensitive information that could aid in further attacks.

Exploit / POC

Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability

The following proof-of-concept exploit code is available:

Solution / Fix

Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability

Solution:
The vendor has released updates to address this issue. Please the references for more information.

References

Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report