{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "nortel-ipphone-unistim-audio-hijacking(37255)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"name": "27234", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27234"}, {"name": "41770", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41770"}, {"tags": ["x_refsource_MISC"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"name": "nortel-ipphone-audiostream-spoofing(42881)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42881"}, {"name": "3272", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3272"}, {"name": "20071018 Nortel IP Phone Surveillance Mode", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"name": "26120", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26120"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5638", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "nortel-ipphone-unistim-audio-hijacking(37255)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"name": "27234", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27234"}, {"name": "41770", "refsource": "OSVDB", "url": "http://osvdb.org/41770"}, {"name": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt", "refsource": "MISC", "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"name": "nortel-ipphone-audiostream-spoofing(42881)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42881"}, {"name": "3272", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3272"}, {"name": "20071018 Nortel IP Phone Surveillance Mode", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"name": "26120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26120"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.714Z"}, "title": "CVE Program Container", "references": [{"name": "nortel-ipphone-unistim-audio-hijacking(37255)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"name": "27234", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27234"}, {"name": "41770", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41770"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"name": "nortel-ipphone-audiostream-spoofing(42881)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42881"}, {"name": "3272", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3272"}, {"name": "20071018 Nortel IP Phone Surveillance Mode", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"name": "26120", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26120"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5638", "datePublished": "2007-10-23T17:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2024-08-07T15:39:13.714Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*", "matchCriteriaId": "C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EBEF64C-2B98-4961-8E2A-C59EA894FE0F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*", "matchCriteriaId": "0EDBAFA1-329A-4321-990F-9B0972D286E8", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*", "matchCriteriaId": "9559937B-8F87-49AB-B572-2DB3477CB1BB", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*", "matchCriteriaId": "FA45C92F-3CDF-41A3-BD3F-E9725338E61F", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*", "matchCriteriaId": "6D7FC9EB-4BF5-45C2-A260-ADF4CC218700", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3725D9C-E702-45F8-A647-BAA86EA060C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC7EA846-6B58-4F88-91B2-770388BE5E2C", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9593EEF-CAC3-455B-972D-5DD2FE4802C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1482953-C22F-4FA7-B262-52B136F578CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*", "matchCriteriaId": "64B644B1-F5B9-4420-9908-CB4770B3F600", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*", "matchCriteriaId": "645B8DCD-27BB-46B2-A41E-4EBC0674AD4C", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52E4B37-7699-41D0-A9B7-965A01808607", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "76E5B7F9-8163-441D-8900-1FD60AC3579C", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F1EFF9-42CB-4F10-940F-E397ED56D423", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A490C36-F529-4448-A8DE-BE2C74041E19", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7A9DC40-0269-403C-8D86-4EE094C5493E", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*", "matchCriteriaId": "54772D2C-5460-4C63-A22A-DBBC497BFBA6", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D18F26-40F0-4041-95B0-6A2153DD1261", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*", "matchCriteriaId": "BF498EA6-EF04-43A1-9627-E4B77928AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*", "matchCriteriaId": "04BB4BDA-893E-4912-9323-3F225435AE7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*", "matchCriteriaId": "F6C8AB15-D6F2-4F06-81BB-9D54F692CA24", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*", "matchCriteriaId": "F49ECAF3-0922-4C6B-A991-93504457668A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*", "matchCriteriaId": "E34503FD-5462-4D07-B626-A0061EDB6DC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*", "matchCriteriaId": "2401C82A-BC79-435D-B921-FEE8DD3129C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*", "matchCriteriaId": "3D29C329-4026-459C-A8F0-67BEF104FCFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*", "matchCriteriaId": "A91B8617-7E5F-4373-8A8F-B27F4F3B1699", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B037DA-B11F-41DA-A63A-7FFB88794BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE819C43-881A-4209-BC25-B0CDF08313F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C791034-CF75-4779-AB1B-DF7A67361A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5D5C794-DF6D-492F-B34B-CDBB364C7168", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9CBF345-9D72-459A-ADA2-33DE3A25D156", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*", "matchCriteriaId": "B726AC5D-3270-40D8-9783-F068A682A82D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*", "matchCriteriaId": "E6B42739-60EB-4A93-85B6-1A95DF36BD51", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*", "matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages."}, {"lang": "es", "value": "El Nortel UNIStim IP Softphone 2050, IP Phone 1140E, y productos adicionales Nortel desde el IP Phone, Business Communications Manager (BCM), y otras l\u00edneas de productos, utilizan solamente diferentes valores 65536 en el campo n\u00famero ID de 32-bit de un datagrama RUDP, lo cual hace m\u00e1s f\u00e1cil a los atacantes remotos adivinar el RUDP ID y mensajes falsos. NOTA: esto podr\u00eda solaparse con un ataque espia a trav\u00e9s del env\u00edo de mensajes Audio Stream."}], "id": "CVE-2007-5638", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-23T17:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41770"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27234"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3272"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26120"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42881"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}