Vulnerabilities > Nortel

DATE CVE VULNERABILITY TITLE RISK
2009-04-01 CVE-2008-6579 Multiple Security vulnerability in Nortel Cs1000 4.50
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
network
low complexity
nortel
5.0
2009-04-01 CVE-2008-6578 Multiple Security vulnerability in Nortel Cs1000 4.50
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
network
low complexity
nortel
critical
10.0
2009-04-01 CVE-2008-6577 Credentials Management vulnerability in Nortel Cs1000 4.50
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
network
low complexity
nortel CWE-255
critical
10.0
2009-04-01 CVE-2008-6576 Multiple Security vulnerability in Nortel Cs1000 4.50
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions.
network
low complexity
nortel
7.8
2009-03-31 CVE-2008-6564 Multiple Security vulnerability in Nortel Networks Communication Server 1000
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.
network
high complexity
nortel
7.6
2009-01-08 CVE-2008-5872 Improper Input Validation vulnerability in Nortel Multimedia Communication Server 5100 3.0.13
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values.
network
low complexity
nortel CWE-20
7.8
2009-01-08 CVE-2008-5871 Credentials Management vulnerability in Nortel Multimedia Communication Server 5100 3.0.13
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.
network
low complexity
nortel CWE-255
6.4
2008-11-07 CVE-2008-4999 Improper Input Validation vulnerability in Nortel Unistim IP Phone 0604Das
Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death").
network
low complexity
nortel CWE-20
7.8
2008-07-11 CVE-2008-3157 Resource Management Errors vulnerability in Nortel SIP Multimedia PC Client 4.0
Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions.
network
low complexity
nortel CWE-399
5.0
2008-05-14 CVE-2008-2218 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nortel Multimedia Communications Server
Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.
network
low complexity
nortel CWE-119
5.0