Nortel UNIStim IP Phone Remote Denial of Service Vulnerability
BID:26124
Info
| Bugtraq ID: | 26124 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-5640 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 18 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | The vendor credits Daniel Stirnimann and Cyrill Brunschwiler from Compass Security Network Computing AG with the discovery of this issue. |
| Vulnerable: |
Nortel Networks SRG50 0
Nortel Networks SRG 1.0
Nortel Networks Mobile Voice Client 2050
Nortel Networks Meridian 1 - Option 81C 0
Nortel Networks Meridian 1 - Option 61C 0
Nortel Networks Meridian 1 - Option 51C 0
Nortel Networks Meridian 1 - Option 11C 0
Nortel Networks Meridian 1 - Option11C Mini
Nortel Networks MCS 5200 3.0
Nortel Networks IP softphone 2050
Nortel Networks IP Phone 2007
Nortel Networks IP Phone 2004
Nortel Networks IP Phone 2002
Nortel Networks IP Phone 2001
Nortel Networks IP Phone 1150E
Nortel Networks IP Phone 1140E
Nortel Networks IP Phone 1120E
Nortel Networks IP Phone 1110
Nortel Networks IP Audio Conference Phone 2033
Nortel Networks CS 1000
Nortel Networks BCM 50
Nortel Networks BCM 400
Nortel Networks BCM 3.7
Nortel Networks BCM 200 |
| Not Vulnerable: | |
Discussion
Nortel UNIStim IP Phone products are prone to a remote denial-of-service vulnerability because the software fails to properly handle unexpected network datagrams.
Successfully exploiting this issue allows remote attackers to trigger a phone to re-register with its service provider. Repeated attacks deny phone service to legitimate users.
Exploit / POC
To exploit this issue, attackers can use readily available network utilities.
Solution / Fix
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.
References
References:
- Nortel Networks Homepage (Nortel Networks)
- Nortel IP Phone forced re-authentication ([email protected])
- Nortel Networks Advisory 2007008385: DoS Potential Vulnerability - UNIStim IP Ph (Nortel Networks)