CVE-2007-2332

Published: Apr 27, 2007Modified: Apr 23, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.

Affected (8)

Products: Nortel: Vpn Router 1010, Vpn Router 1050, Vpn Router 1100, Vpn Router 1700, Vpn Router 1740, Vpn Router 1750, Vpn Router 2700, Vpn Router 5000

8 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Nortel Vpn Router 1010	All versions
Nortel Vpn Router 1050	All versions
Nortel Vpn Router 1100	All versions
Nortel Vpn Router 1700	All versions
Nortel Vpn Router 1740	All versions
Nortel Vpn Router 1750	All versions
Nortel Vpn Router 2700	All versions
Nortel Vpn Router 5000	All versions