CVE Vulnerability

CVE-2007-5637

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 Patch
http://www.securityfocus.com/bid/26120 Exploit Patch
http://secunia.com/advisories/27234 Vendor Advisory
http://securityreason.com/securityalert/3272
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf
http://osvdb.org/41769
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255
http://www.securityfocus.com/archive/1/482478/100/0/threaded
Configurations

Configuration 1
Information

Published : 2007-10-23 05:46

Updated : 2018-10-15 09:45

NVD link : CVE-2007-5637

Mitre link : CVE-2007-5637

Products Affected
No products.
CWE
CWE-200