CVE-2007-5591 - OpenCVE

The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Nortel	Meridian Option 11c Meridian Option 81c Meridian Option 61c Voip-core-cs Meridian Option 51c Communications Server

Configuration 1 [-]

AND

OR	cpe:2.3:a:nortel:communications_server:1000e:::::::*
	cpe:2.3:a:nortel:communications_server:1000m:::::::*
	cpe:2.3:a:nortel:communications_server:1000s:::::::*

OR	cpe:2.3:a:nortel:meridian_option_11c::::::::
	cpe:2.3:a:nortel:meridian_option_51c::::::::
	cpe:2.3:a:nortel:meridian_option_61c::::::::
	cpe:2.3:a:nortel:meridian_option_81c::::::::
	cpe:2.3:a:nortel:voip-core-cs:1000e::enterprise:::::
	cpe:2.3:a:nortel:voip-core-cs:1000m::enterprise:::::
	cpe:2.3:a:nortel:voip-core-cs:1000s::enterprise:::::

References

Link	Resource
http://osvdb.org/41799
http://secunia.com/advisories/27282	Vendor Advisory
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204
http://www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt
http://www.securityfocus.com/archive/1/482484/100/0/threaded
http://www.securityfocus.com/bid/26113
http://www.vupen.com/english/advisories/2007/3536	Vendor Advisory
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37252

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-19T23:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-10-19T00:00:00

Link: CVE-2007-5591

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-19T23:17:00.000

Modified: 2018-10-15T21:45:43.533

Link: CVE-2007-5591

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27282", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27282"}, {"name": "ADV-2007-3536", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3536"}, {"name": "nortel-cs1000-elan-dos(37252)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37252"}, {"name": "41799", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41799"}, {"tags": ["x_refsource_MISC"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf"}, {"name": "26113", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26113"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204"}, {"name": "20071018 Nortel Telephony Server Denial of Service", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482484/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5591", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27282"}, {"name": "ADV-2007-3536", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3536"}, {"name": "nortel-cs1000-elan-dos(37252)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37252"}, {"name": "41799", "refsource": "OSVDB", "url": "http://osvdb.org/41799"}, {"name": "http://www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt", "refsource": "MISC", "url": "http://www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt"}, {"name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf", "refsource": "CONFIRM", "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf"}, {"name": "26113", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26113"}, {"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204"}, {"name": "20071018 Nortel Telephony Server Denial of Service", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482484/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5591", "datePublished": "2007-10-19T23:00:00", "dateReserved": "2007-10-19T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*", "matchCriteriaId": "0EDBAFA1-329A-4321-990F-9B0972D286E8", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*", "matchCriteriaId": "9559937B-8F87-49AB-B572-2DB3477CB1BB", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*", "matchCriteriaId": "FA45C92F-3CDF-41A3-BD3F-E9725338E61F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C791034-CF75-4779-AB1B-DF7A67361A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5D5C794-DF6D-492F-B34B-CDBB364C7168", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9CBF345-9D72-459A-ADA2-33DE3A25D156", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*", "matchCriteriaId": "B726AC5D-3270-40D8-9783-F068A682A82D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:voip-core-cs:1000e:*:enterprise:*:*:*:*:*", "matchCriteriaId": "A739F443-E975-4D31-8207-941FA775F2CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:voip-core-cs:1000m:*:enterprise:*:*:*:*:*", "matchCriteriaId": "4173D37F-FEB0-4F4D-8687-6869767A90C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:voip-core-cs:1000s:*:enterprise:*:*:*:*:*", "matchCriteriaId": "7B4D3BC0-31E3-4A02-ACBC-BEB392BC2A1C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports."}, {"lang": "es", "value": "El servidor de se\u00f1alizaci\u00f3n CS1000 en Nortel Enterprise VoIP-Core-CS 1000M Chasis/Cabinet, Enterprise VoIP-Core-CS 1000E y 1000S, Meridian-Core-Option 11C Chassis and Cabinet, y Meridian-Core-Option 51C, 61C y 81C, permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de la aplicaci\u00f3n de telefon\u00eda) por medio de una inundaci\u00f3n de paquetes hacia puertos Embedded LAN (ELAN)."}], "id": "CVE-2007-5591", "lastModified": "2018-10-15T21:45:43.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-19T23:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41799"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27282"}, {"source": "cve@mitre.org", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655204"}, {"source": "cve@mitre.org", "url": "http://www.csnc.ch/static/advisory/csnc/nortel_telephony_server_denial_of_service_v1.0.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482484/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26113"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3536"}, {"source": "cve@mitre.org", "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022871-01.pdf"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37252"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}