Vulnerabilities > CVE-2007-5639 - Denial of Service vulnerability in Nortel IP Phones UNIStim Messages

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

nortel

NVD

Published: 2007-10-23

Updated: 2018-10-15

Summary

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.

Vulnerable Configurations

Part	Description	Count
Hardware	Nortel Nortel IP Audio Conference Phone 2033 * Nortel IP Phone 1110 * Nortel IP Phone 1120E * Nortel IP Phone 1140E * Nortel IP Phone 1150E * Nortel IP Phone 2001 * Nortel IP Phone 2002 * Nortel IP Phone 2004 * Nortel Wlan Handset 2210 * Nortel Wlan Handset 2211 * Nortel Wlan Handset 2212 * Nortel Wlan Handset 6120 * Nortel Wlan Handset 6140 *	13
Application	Nortel Nortel IP Softphone 2050 * Nortel Mobile Voice Client 2050 *	2

Summary

Vulnerable Configurations

References