Vulnerabilities > CVE-2007-1820 - Remote Security vulnerability in Meridian Mail

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

nortel

critical

NVD

Published: 2007-04-02

Updated: 2008-11-13

Summary

Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). Access complexity set to Medium because Nortel Networks voicemail systems do not hard code or default to this behavior.

Vulnerable Configurations

Part	Description	Count
Application	Nortel Nortel Callpilot * Nortel Meridian Mail *	2

References

http://osvdb.org/34983
http://www.kb.cert.org/vuls/id/726548
http://www.kb.cert.org/vuls/id/AAMN-5N2QFX