CVE-2007-5591

Name of the Vulnerable Software and Affected Versions Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet version (affected versions not specified) Nortel Enterprise VoIP-Core-CS 1000E version (affected versions not specified) Nortel Enterprise VoIP-Core-CS 1000S version (affected versions not specified) Meridian-Core-Option 11C Chassis and Cabinet version (affected versions not specified) Meridian-Core-Option 51C version (affected versions not specified) Meridian-Core-Option 61C version (affected versions not specified) Meridian-Core-Option 81C version (affected versions not specified)

Description The issue allows remote attackers to cause a denial of service, resulting in a telephony application outage. This is achieved by flooding packets to Embedded LAN (ELAN) ports.

Recommendations For Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, consider restricting access to ELAN ports to minimize the risk of exploitation. For Nortel Enterprise VoIP-Core-CS 1000E, restrict access to ELAN ports until a fix is available. For Nortel Enterprise VoIP-Core-CS 1000S, limit the traffic to ELAN ports as a temporary workaround. For Meridian-Core-Option 11C Chassis and Cabinet, restrict access to ELAN ports to prevent denial of service attacks. For Meridian-Core-Option 51C, 61C, and 81C, consider implementing traffic filtering on ELAN ports to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.