Vulnerability Report

CVE-2007-5638

Title: Nortel Ip Phone 1150E Information Disclosure

Information Disclosure

Proof Of Concept

No public PoC currently indexed for CVE-2007-5638.

CWE Category CWE-200

Published Date Oct 23, 2007

Modified Date Apr 09, 2025

Exploit Status Not Found

Score 4.3 CVSS v2.0

Exploit Probability (EPSS)

0.63%

Vulnerability Summary

CVE-2007-5638: The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.

Impacted Vendors

nortel 26

Reference Links

http://osvdb.org/41770 http://secunia.com/advisories/27234 http://securityreason.com/securityalert/3272 http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt http://www.securityfocus.com/archive/1/482478/100/0/threaded http://www.securityfocus.com/bid/26120 https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 https://exchange.xforce.ibmcloud.com/vulnerabilities/42881 http://osvdb.org/41770 http://secunia.com/advisories/27234 http://securityreason.com/securityalert/3272 http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt http://www.securityfocus.com/archive/1/482478/100/0/threaded http://www.securityfocus.com/bid/26120 https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 https://exchange.xforce.ibmcloud.com/vulnerabilities/42881

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

4.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2007-5638 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

October 23, 2007 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.