Vulnerabilities for 'Contivity'

2007-04-27
 
CVE-2007-2334

 

 
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.

 
 
CVE-2007-2333

 

 
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.

 
2005-08-16
 
CVE-2005-2579

 

 
Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.

 
2005-05-27
 
CVE-2005-1802

 

 
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

 
2005-05-02
 
CVE-2005-0844

CWE-310
 

 
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.

 
2004-12-31
 
CVE-2004-2621

 

 
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

 
2005-01-10
 
CVE-2004-1105

 

 
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.

 
2000-01-17
 
CVE-2000-0064

 

 
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

 
 
CVE-2000-0063

 

 
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

 



Copyright 2019, cxsecurity.com

 
