CVE-2007-5637 - Vulnerability Details

Vendors	Products
Nortel	Business Communications Manager Centrex Ip Client Manager Centrex Ip Element Manager Communications Server Ip Audio Conference Phone 2033 Ip Phone 1110 Ip Phone 1120e Ip Phone 1140e Ip Phone 1150e Ip Phone 2001 Ip Phone 2002 Ip Phone 2004 Ip Phone 2007 Meridian Option 11c Meridian Option 51c Meridian Option 61c Meridian Option 81c Meridian Sl100 Mobile Voice Client 2050 Multimedia Communication Server 5100 Multimedia Communication Server 5200 Wlan Handset 2210 Wlan Handset 2211 Wlan Handset 2212 Wlan Handset 6120 Wlan Handset 6140

Link	Providers
http://osvdb.org/41769
http://secunia.com/advisories/27234
http://securityreason.com/securityalert/3272
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714
http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt
http://www.securityfocus.com/archive/1/482478/100/0/threaded
http://www.securityfocus.com/bid/26120
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37255

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables \"surveillance mode.\" NOTE: issues relating to a small ID number space can be leveraged to make this attack easier."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "nortel-ipphone-unistim-audio-hijacking(37255)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"name": "41769", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41769"}, {"name": "27234", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27234"}, {"tags": ["x_refsource_MISC"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714"}, {"name": "3272", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3272"}, {"name": "20071018 Nortel IP Phone Surveillance Mode", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"name": "26120", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26120"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5637", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables \"surveillance mode.\" NOTE: issues relating to a small ID number space can be leveraged to make this attack easier."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "nortel-ipphone-unistim-audio-hijacking(37255)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"name": "41769", "refsource": "OSVDB", "url": "http://osvdb.org/41769"}, {"name": "27234", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27234"}, {"name": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt", "refsource": "MISC", "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf", "refsource": "CONFIRM", "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf"}, {"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714"}, {"name": "3272", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3272"}, {"name": "20071018 Nortel IP Phone Surveillance Mode", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"name": "26120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26120"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.577Z"}, "title": "CVE Program Container", "references": [{"name": "nortel-ipphone-unistim-audio-hijacking(37255)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"name": "41769", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41769"}, {"name": "27234", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27234"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714"}, {"name": "3272", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3272"}, {"name": "20071018 Nortel IP Phone Surveillance Mode", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"name": "26120", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26120"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5637", "datePublished": "2007-10-23T17:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2024-08-07T15:39:13.577Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2007-10-17T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-15T20:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : nortel-ipphone-unistim-audio-hijacking(37255) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 (string)

}

1 : { »

name : 41769 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/41769 (string)

}

2 : { »

name : 27234 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/27234 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 (string)

}

6 : { »

name : 3272 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SREASON (string)

]

url : http://securityreason.com/securityalert/3272 (string)

}

7 : { »

name : 20071018 Nortel IP Phone Surveillance Mode (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/482478/100/0/threaded (string)

}

8 : { »

name : 26120 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/26120 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2007-5637 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : nortel-ipphone-unistim-audio-hijacking(37255) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 (string)

}

1 : { »

name : 41769 (string)

refsource : OSVDB (string)

url : http://osvdb.org/41769 (string)

}

2 : { »

name : 27234 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/27234 (string)

}

3 : { »

name : http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt (string)

refsource : MISC (string)

url : http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt (string)

}

4 : { »

name : http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf (string)

refsource : CONFIRM (string)

url : http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf (string)

}

5 : { »

name : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 (string)

refsource : CONFIRM (string)

url : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 (string)

}

6 : { »

name : 3272 (string)

refsource : SREASON (string)

url : http://securityreason.com/securityalert/3272 (string)

}

7 : { »

name : 20071018 Nortel IP Phone Surveillance Mode (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/482478/100/0/threaded (string)

}

8 : { »

name : 26120 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/26120 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T15:39:13.577Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : nortel-ipphone-unistim-audio-hijacking(37255) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 (string)

}

1 : { »

name : 41769 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/41769 (string)

}

2 : { »

name : 27234 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/27234 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 (string)

}

6 : { »

name : 3272 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SREASON (string)

2 : x_transferred (string)

]

url : http://securityreason.com/securityalert/3272 (string)

}

7 : { »

name : 20071018 Nortel IP Phone Surveillance Mode (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/482478/100/0/threaded (string)

}

8 : { »

name : 26120 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/26120 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2007-5637 (string)

datePublished : 2007-10-23T17:00:00 (string)

dateReserved : 2007-10-23T00:00:00 (string)

dateUpdated : 2024-08-07T15:39:13.577Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:*", "matchCriteriaId": "C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EBEF64C-2B98-4961-8E2A-C59EA894FE0F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:*", "matchCriteriaId": "0EDBAFA1-329A-4321-990F-9B0972D286E8", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:*", "matchCriteriaId": "9559937B-8F87-49AB-B572-2DB3477CB1BB", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:*", "matchCriteriaId": "FA45C92F-3CDF-41A3-BD3F-E9725338E61F", "vulnerable": false}, {"criteria": "cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:*", "matchCriteriaId": "6D7FC9EB-4BF5-45C2-A260-ADF4CC218700", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3725D9C-E702-45F8-A647-BAA86EA060C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC7EA846-6B58-4F88-91B2-770388BE5E2C", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9593EEF-CAC3-455B-972D-5DD2FE4802C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1482953-C22F-4FA7-B262-52B136F578CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:*", "matchCriteriaId": "64B644B1-F5B9-4420-9908-CB4770B3F600", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:*", "matchCriteriaId": "645B8DCD-27BB-46B2-A41E-4EBC0674AD4C", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52E4B37-7699-41D0-A9B7-965A01808607", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "76E5B7F9-8163-441D-8900-1FD60AC3579C", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F1EFF9-42CB-4F10-940F-E397ED56D423", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A490C36-F529-4448-A8DE-BE2C74041E19", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7A9DC40-0269-403C-8D86-4EE094C5493E", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:*", "matchCriteriaId": "54772D2C-5460-4C63-A22A-DBBC497BFBA6", "vulnerable": false}, {"criteria": "cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D18F26-40F0-4041-95B0-6A2153DD1261", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:*", "matchCriteriaId": "BF498EA6-EF04-43A1-9627-E4B77928AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:*", "matchCriteriaId": "04BB4BDA-893E-4912-9323-3F225435AE7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:*", "matchCriteriaId": "F6C8AB15-D6F2-4F06-81BB-9D54F692CA24", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*", "matchCriteriaId": "F49ECAF3-0922-4C6B-A991-93504457668A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*", "matchCriteriaId": "E34503FD-5462-4D07-B626-A0061EDB6DC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*", "matchCriteriaId": "2401C82A-BC79-435D-B921-FEE8DD3129C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:*", "matchCriteriaId": "3D29C329-4026-459C-A8F0-67BEF104FCFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:*", "matchCriteriaId": "A91B8617-7E5F-4373-8A8F-B27F4F3B1699", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B037DA-B11F-41DA-A63A-7FFB88794BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE819C43-881A-4209-BC25-B0CDF08313F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C791034-CF75-4779-AB1B-DF7A67361A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5D5C794-DF6D-492F-B34B-CDBB364C7168", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9CBF345-9D72-459A-ADA2-33DE3A25D156", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:*", "matchCriteriaId": "B726AC5D-3270-40D8-9783-F068A682A82D", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:*", "matchCriteriaId": "E6B42739-60EB-4A93-85B6-1A95DF36BD51", "vulnerable": true}, {"criteria": "cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*", "matchCriteriaId": "48E2627D-3244-4A66-9EF6-B790EEFD0D4A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables \"surveillance mode.\" NOTE: issues relating to a small ID number space can be leveraged to make this attack easier."}, {"lang": "es", "value": "The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, y otros productos Nortel desde el IP Phone, Business Communications Manager (BCM), y otras l\u00edneas de producto permite a atacantes remotos espiar sobre el entorno f\u00edsico a trav\u00e9s de un mensaje Open Audio Stream que habilita \"modo vigilante\". NOTA: este asunto est\u00e1 relacionado con un espacio de n\u00fameros peque\u00f1o ID que podr\u00eda apalancar para hacer m\u00e1s f\u00e1cil el ataque."}], "id": "CVE-2007-5637", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-23T17:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41769"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27234"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3272"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714"}, {"source": "cve@mitre.org", "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26120"}, {"source": "cve@mitre.org", "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482478/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/26120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37255"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nortel:multimedia_communication_server_5100:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C924E0F3-999C-4B2B-BFD9-24BDBE4BABA5 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:a:nortel:multimedia_communication_server_5200:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0EBEF64C-2B98-4961-8E2A-C59EA894FE0F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nortel:communications_server:1000e:*:*:*:*:*:*:* (string)

matchCriteriaId : 0EDBAFA1-329A-4321-990F-9B0972D286E8 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:a:nortel:communications_server:1000m:*:*:*:*:*:*:* (string)

matchCriteriaId : 9559937B-8F87-49AB-B572-2DB3477CB1BB (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:a:nortel:communications_server:1000s:*:*:*:*:*:*:* (string)

matchCriteriaId : FA45C92F-3CDF-41A3-BD3F-E9725338E61F (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:a:nortel:communications_server:2100:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D7FC9EB-4BF5-45C2-A260-ADF4CC218700 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:nortel:ip_audio_conference_phone_2033:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F3725D9C-E702-45F8-A647-BAA86EA060C6 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:nortel:ip_phone_1110:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DC7EA846-6B58-4F88-91B2-770388BE5E2C (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:nortel:ip_phone_1120e:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D9593EEF-CAC3-455B-972D-5DD2FE4802C2 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:nortel:ip_phone_1140e:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F1482953-C22F-4FA7-B262-52B136F578CB (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:nortel:ip_phone_1150e:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 64B644B1-F5B9-4420-9908-CB4770B3F600 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:nortel:ip_phone_2001:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 645B8DCD-27BB-46B2-A41E-4EBC0674AD4C (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:h:nortel:ip_phone_2002:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D52E4B37-7699-41D0-A9B7-965A01808607 (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:h:nortel:ip_phone_2004:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BD0A3FFE-C169-4C4B-8DDD-B5EFA9ACE238 (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:h:nortel:ip_phone_2007:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 76E5B7F9-8163-441D-8900-1FD60AC3579C (string)

vulnerable : false (boolean)

}

13 : { »

criteria : cpe:2.3:h:nortel:wlan_handset_2210:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C7F1EFF9-42CB-4F10-940F-E397ED56D423 (string)

vulnerable : false (boolean)

}

14 : { »

criteria : cpe:2.3:h:nortel:wlan_handset_2211:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A490C36-F529-4448-A8DE-BE2C74041E19 (string)

vulnerable : false (boolean)

}

15 : { »

criteria : cpe:2.3:h:nortel:wlan_handset_2212:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D7A9DC40-0269-403C-8D86-4EE094C5493E (string)

vulnerable : false (boolean)

}

16 : { »

criteria : cpe:2.3:h:nortel:wlan_handset_6120:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 54772D2C-5460-4C63-A22A-DBBC497BFBA6 (string)

vulnerable : false (boolean)

}

17 : { »

criteria : cpe:2.3:h:nortel:wlan_handset_6140:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 52D18F26-40F0-4041-95B0-6A2153DD1261 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

2 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:50:*:*:*:*:*:*:* (string)

matchCriteriaId : BF498EA6-EF04-43A1-9627-E4B77928AAA2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:50a:*:*:*:*:*:*:* (string)

matchCriteriaId : 04BB4BDA-893E-4912-9323-3F225435AE7F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:50e:*:*:*:*:*:*:* (string)

matchCriteriaId : F6C8AB15-D6F2-4F06-81BB-9D54F692CA24 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:* (string)

matchCriteriaId : F49ECAF3-0922-4C6B-A991-93504457668A (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:* (string)

matchCriteriaId : E34503FD-5462-4D07-B626-A0061EDB6DC8 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:* (string)

matchCriteriaId : 2401C82A-BC79-435D-B921-FEE8DD3129C7 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:srg50:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D29C329-4026-459C-A8F0-67BEF104FCFC (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:nortel:business_communications_manager:srg200:*:*:*:*:*:*:* (string)

matchCriteriaId : A91B8617-7E5F-4373-8A8F-B27F4F3B1699 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:nortel:centrex_ip_client_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F6B037DA-B11F-41DA-A63A-7FFB88794BD5 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:nortel:centrex_ip_element_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EE819C43-881A-4209-BC25-B0CDF08313F0 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:nortel:meridian_option_11c:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C791034-CF75-4779-AB1B-DF7A67361A85 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:nortel:meridian_option_51c:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C5D5C794-DF6D-492F-B34B-CDBB364C7168 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:nortel:meridian_option_61c:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A9CBF345-9D72-459A-ADA2-33DE3A25D156 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:nortel:meridian_option_81c:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B726AC5D-3270-40D8-9783-F068A682A82D (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:nortel:meridian_sl100:cs2100:*:*:*:*:*:*:* (string)

matchCriteriaId : E6B42739-60EB-4A93-85B6-1A95DF36BD51 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 48E2627D-3244-4A66-9EF6-B790EEFD0D4A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. (string)

}

1 : { »

lang : es (string)

value : The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, y otros productos Nortel desde el IP Phone, Business Communications Manager (BCM), y otras líneas de producto permite a atacantes remotos espiar sobre el entorno físico a través de un mensaje Open Audio Stream que habilita "modo vigilante". NOTA: este asunto está relacionado con un espacio de números pequeño ID que podría apalancar para hacer más fácil el ataque. (string)

}

]

id : CVE-2007-5637 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2007-10-23T17:46:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://osvdb.org/41769 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/27234 (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://securityreason.com/securityalert/3272 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/archive/1/482478/100/0/threaded (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://www.securityfocus.com/bid/26120 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf (string)

}

8 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://osvdb.org/41769 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/27234 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://securityreason.com/securityalert/3272 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=654714 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.csnc.ch/static/advisory/csnc/nortel_IP_phone_surveillance_mode_v1.0.txt (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/482478/100/0/threaded (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://www.securityfocus.com/bid/26120 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/42/022870-01.pdf (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37255 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object