Vulnerabilities > CVE-2007-1820 - Remote Security vulnerability in Meridian Mail

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
nortel
critical

Summary

Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). Access complexity set to Medium because Nortel Networks voicemail systems do not hard code or default to this behavior.

Vulnerable Configurations

Part Description Count
Application
Nortel
2