CVE-2008-6564

Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/44379
http://secunia.com/advisories/29747
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455	Vendor Advisory
http://www.securityfocus.com/bid/28691
http://www.securitytracker.com/id?1019847
http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
https://exchange.xforce.ibmcloud.com/vulnerabilities/41801

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nortel:communication_server_1000::::::::
	cpe:2.3:h:nortel:unistim_protocol::::::::

History

No history.

Information

Published : 2009-03-31 17:30

Updated : 2017-08-17 01:29

NVD link : CVE-2008-6564

Mitre link : CVE-2008-6564

CVE.ORG link : CVE-2008-6564

JSON object : View

Products Affected

nortel

communication_server_1000
unistim_protocol

CWE

NVD-CWE-Other

{"id": "CVE-2008-6564", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-31T17:30:00.453", "references": [{"url": "http://osvdb.org/44379", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29747", "source": "cve@mitre.org"}, {"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28691", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019847", "source": "cve@mitre.org"}, {"url": "http://www.voipshield.com/research-details.php?id=27&s=4&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41801", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks."}, {"lang": "es", "value": "Protocolo Nortel UNIStim, utilizado en Communication Server 1000 y otros productos, utiliza n\u00fameros de secuencia predecibles, lo que permite a atacantes remotos secuestrar seisiones a trav\u00e9s de ataques de rastreo o fuerza bruta."}], "lastModified": "2017-08-17T01:29:23.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nortel:communication_server_1000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5F61F4A-78E4-469C-8218-55B588FFBD23"}, {"criteria": "cpe:2.3:h:nortel:unistim_protocol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3208B0FF-93A1-4E05-AA5C-67A27B9FAFFB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}