CVE-2007-5640

Name of the Vulnerable Software and Affected Versions Nortel UNIStim IP Softphone 2050 (affected versions not specified) Nortel IP Phone 1140E (affected versions not specified) Other Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines (affected versions not specified)

Description The issue allows remote attackers to block calls and force re-registration via a resume message to the Signaling Server that has a spoofed source IP address for the phone. This attack can be more disruptive if a new spoofed resume message is sent after each re-registration.

Recommendations For Nortel UNIStim IP Softphone 2050, consider restricting access to the Signaling Server to minimize the risk of exploitation. For Nortel IP Phone 1140E, restrict access to the Signaling Server until a fix is available. For other affected Nortel products, avoid using the resume message feature in the Signaling Server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.