| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions. |
| Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. |
| Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. |
| Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. |
| Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. |
| Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. |
| The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. |
| Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. |
| The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
| Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. |
| Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow. |
| Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. |
| Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. |
| tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. |
| Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". |
| Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. |
| The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. |
