Vulnerabilities > Nortel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-01 | CVE-2008-6576 | Multiple Security vulnerability in Nortel Cs1000 4.50 Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | 7.8 |
| 2009-03-31 | CVE-2008-6564 | Multiple Security vulnerability in Nortel Networks Communication Server 1000 Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | 7.6 |
| 2009-01-08 | CVE-2008-5872 | Improper Input Validation vulnerability in Nortel Multimedia Communication Server 5100 3.0.13 Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | 7.8 |
| 2008-11-07 | CVE-2008-4999 | Improper Input Validation vulnerability in Nortel Unistim IP Phone 0604Das Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). | 7.8 |
| 2007-10-23 | CVE-2007-5640 | Remote Denial of Service vulnerability in Nortel UNIStim IP Phone The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. network nortel | 7.1 |
| 2007-10-23 | CVE-2007-5639 | Denial of Service vulnerability in Nortel IP Phones UNIStim Messages The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server. network nortel | 7.1 |
| 2007-10-23 | CVE-2007-5636 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nortel IP Softphone 2050 Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging." | 7.5 |
| 2007-10-19 | CVE-2007-5591 | Remote Denial of Service vulnerability in Nortel CS1000 ELAN The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports. | 7.8 |
| 2007-04-27 | CVE-2007-2334 | Remote Unauthorized Access vulnerability in Nortel Contivity and VPN Router 5000 Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. | 7.5 |
| 2005-12-13 | CVE-2005-4197 | Unspecified vulnerability in Nortel SSL VPN 4.1.2.11/4.1.2.12 tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | 7.5 |