← Back

CVE-2007-5638

nvd nist
Published: Oct 23, 2007Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.

Affected (16)

Nortel
9 products
Business Communications Manager
Centrex Ip Client Manager
Centrex Ip Element Manager
Meridian Option 11c
Meridian Option 51c
Meridian Option 61c
Meridian Option 81c
Meridian Sl100
Mobile Voice Client 2050
Configuration A
16 vulnerable · 20 platform
Vulnerable SoftwareAffected Versions
Nortel
Business Communications Manager
Version 1000
Business Communications Manager
Version 200
Business Communications Manager
Version 400
Business Communications Manager
Version 50
Business Communications Manager
Version 50a
Business Communications Manager
Version 50e
Business Communications Manager
Version srg200
Business Communications Manager
Version srg50
Centrex Ip Client Manager
All versions
Centrex Ip Element Manager
All versions
Meridian Option 11c
All versions
Meridian Option 51c
All versions
Meridian Option 61c
All versions
Meridian Option 81c
All versions
Meridian Sl100
Version cs2100
Mobile Voice Client 2050
All versions
Running on/withPlatform Versions
Nortel
Multimedia Communication Server 5100
All versions
Nortel
Multimedia Communication Server 5200
All versions
Nortel
Communications Server
Version 1000e
Nortel
Communications Server
Version 1000m
Nortel
Communications Server
Version 1000s
Nortel
Communications Server
Version 2100
Nortel
Ip Audio Conference Phone 2033
All versions
Nortel
Ip Phone 1110
All versions
Nortel
Ip Phone 1120e
All versions
Nortel
Ip Phone 1140e
All versions
Nortel
Ip Phone 1150e
All versions
Nortel
Ip Phone 2001
All versions
Nortel
Ip Phone 2002
All versions
Nortel
Ip Phone 2004
All versions
Nortel
Ip Phone 2007
All versions
Nortel
Wlan Handset 2210
All versions
Nortel
Wlan Handset 2211
All versions
Nortel
Wlan Handset 2212
All versions
Nortel
Wlan Handset 6120
All versions
Nortel
Wlan Handset 6140
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-310
CWE-310

References (16)

Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.