Vulnerability CVE-2008-5871


Published: 2009-01-08   Modified: 2012-02-12

Description:
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Nortel -> Multimedia communication server 5100 

 References:
http://xforce.iss.net/xforce/xfdb/45752
http://www.vupen.com/english/advisories/2008/2779
http://www.securityfocus.com/bid/31640
http://voipshield.com/research-details.php?id=119
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=775223
http://secunia.com/advisories/32203

Copyright 2020, cxsecurity.com

 

Back to Top