Vulnerabilities > Nortel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-01 | CVE-2008-6579 | Multiple Security vulnerability in Nortel Cs1000 4.50 Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | 5.0 |
| 2009-04-01 | CVE-2008-6578 | Multiple Security vulnerability in Nortel Cs1000 4.50 Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. | 10.0 |
| 2009-04-01 | CVE-2008-6577 | Credentials Management vulnerability in Nortel Cs1000 4.50 Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | 10.0 |
| 2009-04-01 | CVE-2008-6576 | Multiple Security vulnerability in Nortel Cs1000 4.50 Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | 7.8 |
| 2009-03-31 | CVE-2008-6564 | Multiple Security vulnerability in Nortel Networks Communication Server 1000 Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | 7.6 |
| 2009-01-08 | CVE-2008-5872 | Improper Input Validation vulnerability in Nortel Multimedia Communication Server 5100 3.0.13 Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | 7.8 |
| 2009-01-08 | CVE-2008-5871 | Credentials Management vulnerability in Nortel Multimedia Communication Server 5100 3.0.13 Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | 6.4 |
| 2008-11-07 | CVE-2008-4999 | Improper Input Validation vulnerability in Nortel Unistim IP Phone 0604Das Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). | 7.8 |
| 2008-07-11 | CVE-2008-3157 | Resource Management Errors vulnerability in Nortel SIP Multimedia PC Client 4.0 Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions. | 5.0 |
| 2008-05-14 | CVE-2008-2218 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nortel Multimedia Communications Server Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin. | 5.0 |