Filtered by vendor Nortel
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1057 | 1 Nortel | 4 Alteon 2424 Application Switch, Net Direct Client, Ssl Vpn Module 1000 and 1 more | 2025-04-09 | 6.9 MEDIUM | N/A |
| The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. | |||||
| CVE-2008-5872 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | |||||
| CVE-2007-2334 | 1 Nortel | 2 Contivity, Vpn Router 5000 | 2025-04-09 | 7.5 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. | |||||
| CVE-2007-5636 | 1 Nortel | 1 Ip Softphone 2050 | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging." | |||||
| CVE-2007-2332 | 1 Nortel | 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more | 2025-04-09 | 9.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. | |||||
| CVE-2008-6579 | 1 Nortel | 1 Cs1000 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | |||||
| CVE-2007-2333 | 1 Nortel | 3 Contivity, Vpn Router 5000, Vpn Router Portfolio | 2025-04-09 | 10.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. | |||||
| CVE-2008-6576 | 1 Nortel | 1 Cs1000 | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | |||||
| CVE-2007-2886 | 1 Nortel | 1 Communications Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. | |||||
| CVE-2007-1820 | 1 Nortel | 2 Callpilot, Meridian Mail | 2025-04-09 | 9.3 HIGH | N/A |
| Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-5637 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. | |||||
| CVE-2008-6564 | 1 Nortel | 2 Communication Server 1000, Unistim Protocol | 2025-04-09 | 7.6 HIGH | N/A |
| Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | |||||
| CVE-2008-4999 | 1 Nortel | 1 Unistim Ip Phone | 2025-04-09 | 7.8 HIGH | N/A |
| Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. | |||||
| CVE-2007-5639 | 1 Nortel | 15 Ip Audio Conference Phone 2033, Ip Phone 1110, Ip Phone 1120e and 12 more | 2025-04-09 | 7.1 HIGH | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via a flood of Mute and UnMute messages that have a spoofed source IP address for the Signaling Server. | |||||
| CVE-2008-6577 | 1 Nortel | 1 Cs1000 | 2025-04-09 | 10.0 HIGH | N/A |
| Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2007-5640 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2025-04-09 | 7.1 HIGH | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration. | |||||
| CVE-2007-3438 | 1 Nortel | 1 Sip Softphone | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361. | |||||
| CVE-2007-3361 | 1 Nortel | 1 Pc Client Soft Phone Sip | 2025-04-09 | 7.8 HIGH | N/A |
| The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header. | |||||
| CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | 6.4 MEDIUM | N/A |
| Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | |||||
| CVE-2007-5638 | 1 Nortel | 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages. | |||||