Vulnerabilities for Contivity (...) - CXSECURITY.COM

Vulnerabilities for 'Contivity'

2007-04-27

CVE-2007-2334

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.

CVE-2007-2333

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.

2005-08-16

CVE-2005-2579

Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.

2005-05-27

CVE-2005-1802

Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

2005-05-02

CVE-2005-0844

CWE-310

Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.

2004-12-31

CVE-2004-2621

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

2005-01-10

CVE-2004-1105

Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.

2000-01-17

CVE-2000-0064

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

>>> Vendor: Nortel 70 Products

Optivity net architect

Alteon acedirector

Cvx 1800 multi-service access switch

Succession communication server 2000

Business communications manager

802.11 wireless ip gateway

Succession communication server 1000

Ip softphone 2050

Mobile voice client 2050

Optivity telephony manager

Symposium web centre portal

Symposium web client

Media communication server 5100

Media communication server 5200

Media processing server

Symposium agent

Symposium network control center

Symposium tapi service provider

Symposium call center server

Symposium express call center

Wlan access point 2220

Wlan access point 2221

Wlan access point 2225

7220 wlan access point

7250 wlan access point

Ethernet routing switch 1612

Ethernet routing switch 1624

Ethernet routing switch 1648

Optical metro 5000

Optical metro 5100

Optical metro 5200

Survivable remote gateway

Universal signaling point

Vpn router 1010

Vpn router 1050

Vpn router 1100

Vpn router 1700

Vpn router 1740

Vpn router 2700

Vpn router 5000

Callpilot server

Net direct client

Vpn router 1750

Vpn router portfolio

Communications server

Pc client soft phone sip

Meridian option 11c

Meridian option 51c

Meridian option 61c

Meridian option 81c

Centrex ip client manager

Centrex ip element manager

Multimedia communications server

Sip multimedia pc client

Unistim ip phone

Multimedia communication server 5100

Communication server 1000

Unistim protocol

Copyright 2024, cxsecurity.com