CVE-2007-5637

Sažetak

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.

Reference

http://osvdb.org/41769
http://secunia.com/advisories/27234
http://securityreason.com/securityalert/3272
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
http://www.securityfocus.com/archive/1/482478/100/0/threaded
http://www.securityfocus.com/bid/26120
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

15-10-2018 - 21:45

Objavljeno

23-10-2007 - 17:46