Vulnerability Details : CVE-2007-5637
Potential exploit
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.
Products affected by CVE-2007-5637
- cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
Exploit prediction scoring system (EPSS) score for CVE-2007-5637
11.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5637
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2007-5637
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5637
-
http://secunia.com/advisories/27234
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255
-
http://www.securityfocus.com/archive/1/482478/100/0/threaded
-
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
404 - Compass Security
-
http://www.securityfocus.com/bid/26120
Exploit;Patch
-
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf
-
http://securityreason.com/securityalert/3272
-
http://osvdb.org/41769
-
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714
Patch
Jump to