CVE-2007-5638
Nortel Business Communications Manager - Exposure of Sensitive Information via RUDP ID Predictability
Title source: llmDescription
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27234
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41770
Exploit x_refsource_misc
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42881
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3272
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482478/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26120
Scores
EPSS
0.0147
EPSS Percentile
70.7%
Details
CWE
CWE-200
CWE-310
Status
published
Products (16)
nortel/business_communications_manager
50
nortel/business_communications_manager
50a
nortel/business_communications_manager
50e
nortel/business_communications_manager
200
nortel/business_communications_manager
400
nortel/business_communications_manager
1000
nortel/business_communications_manager
srg50
nortel/business_communications_manager
srg200
nortel/centrex_ip_client_manager
nortel/centrex_ip_element_manager
... and 6 more
Published
Oct 23, 2007
Tracked Since
Feb 18, 2026