CVE-2007-5639

Name of the Vulnerable Software and Affected Versions Nortel UNIStim IP Softphone 2050 (affected versions not specified) Nortel IP Phone 1140E (affected versions not specified) Other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products (affected versions not specified)

Description The issue allows remote attackers to cause a denial of service, resulting in a device hang. This is achieved by flooding the device with Mute and UnMute messages that have a spoofed source IP address for the Signaling Server.

Recommendations For Nortel UNIStim IP Softphone 2050, consider restricting access to the Signaling Server to minimize the risk of exploitation. For Nortel IP Phone 1140E, restrict the handling of Mute and UnMute messages from unverified sources. For other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products, limit the processing of messages with spoofed source IP addresses for the Signaling Server. At the moment, there is no information about a newer version that contains a fix for this issue.