Back to search
CVE-2007-5640
Published: Oct 23, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. NOTE: the attack is more disruptive if a new spoofed resume message is sent after each re-registration.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654641
x_refsource_CONFIRM
27234
third-party-advisory
x_refsource_SECUNIA
nortel-ipphone-register-dos(37254)
vdb-entry
x_refsource_XF
41772
vdb-entry
x_refsource_OSVDB
3274
third-party-advisory
x_refsource_SREASON
20071018 Nortel IP Phone forced re-authentication
mailing-list
x_refsource_BUGTRAQ
26124
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now