Vulnerabilities > CVE-2007-5639 - Denial of Service vulnerability in Nortel IP Phones UNIStim Messages
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE network
nortel
Summary
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | Nortel
| 13 |
Application | 2 |
References
- http://securityreason.com/securityalert/3273
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654715
- http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_flooding_denial_of_service_v1.0.txt
- http://www.securityfocus.com/archive/1/482480/100/0/threaded
- http://www.securityfocus.com/bid/26122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37253