4.3
CVSSv2

CVE-2007-5637

Published: 23/10/2007 Updated: 15/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote malicious users to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.

Vulnerable Product Search on Vulmon Subscribe to Product

nortel business_communications_manager 50a

nortel business_communications_manager 50e

nortel meridian_option_81c

nortel meridian_sl100 cs2100

nortel business_communications_manager 1000

nortel business_communications_manager 200

nortel centrex_ip_element_manager

nortel meridian_option_11c

nortel business_communications_manager 400

nortel business_communications_manager 50

nortel meridian_option_51c

nortel meridian_option_61c

nortel business_communications_manager srg200

nortel business_communications_manager srg50

nortel centrex_ip_client_manager

nortel mobile_voice_client_2050

Exploits

source: wwwsecurityfocuscom/bid/26120/info Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping Attackers can exploit this issue to open an audio channel with the phone's microphone This will allow attackers to remotely eavesdrop on arbitrary conversations and gain po ...