Vulnerability Details : CVE-2007-5638
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2007-5638
Probability of exploitation activity in the next 30 days: 0.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-5638
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2007-5638
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37255
- http://www.securityfocus.com/archive/1/482478/100/0/threaded
-
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
Exploit
-
http://www.securityfocus.com/bid/26120
Exploit
- http://securityreason.com/securityalert/3272
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/42881
Products affected by CVE-2007-5638
- cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140
- cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*When used together with: Nortel » Multimedia Communication Server 5100When used together with: Nortel » Multimedia Communication Server 5200When used together with: Nortel » Ip Audio Conference Phone 2033When used together with: Nortel » Ip Phone 1110When used together with: Nortel » Ip Phone 1120eWhen used together with: Nortel » Ip Phone 1140eWhen used together with: Nortel » Ip Phone 1150eWhen used together with: Nortel » Ip Phone 2001When used together with: Nortel » Ip Phone 2002When used together with: Nortel » Ip Phone 2004When used together with: Nortel » Ip Phone 2007When used together with: Nortel » Wlan Handset 2210When used together with: Nortel » Wlan Handset 2211When used together with: Nortel » Wlan Handset 2212When used together with: Nortel » Wlan Handset 6120When used together with: Nortel » Wlan Handset 6140