PT-2007-3667 · Nortel · Nortel Vpn Router

Published

2007-04-27

Updated

2011-03-08

CVE-2007-2334

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Nortel VPN Router (aka Contivity) versions 1000, 2000, 4000, and 5000 before 5 05.149 Nortel VPN Router (aka Contivity) versions 5 05.3xx before 5 05.304 Nortel VPN Router (aka Contivity) versions 6.x before 6 05.140

Description The issue is related to two template HTML files that lack certain verification tags. This allows remote attackers to access the administration interface and change the device configuration via certain requests.

Recommendations For versions 1000, 2000, 4000, and 5000 before 5 05.149, update to version 5 05.149 or later. For versions 5 05.3xx before 5 05.304, update to version 5 05.304 or later. For versions 6.x before 6 05.140, update to version 6 05.140 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2334

Affected Products

Nortel Vpn Router

PT-2007-3667 · Nortel · Nortel Vpn Router

CVE-2007-2334

Related Identifiers

Affected Products

References · 8