PT-2009-1349 · Nortel · Nortel Multimedia Communication Server 5100+1

Published

2009-01-08

Updated

2017-08-08

CVE-2008-5872

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Nortel Multimedia Communication Server (MSC) 5100 version 3.0.13

Description The issue allows remote attackers to cause a denial of service, resulting in a device outage. This can be achieved by sending a UFTP message with a negative block size or other crafted Connection Details values.

Recommendations For Nortel Multimedia Communication Server (MSC) 5100 version 3.0.13, consider restricting access to the UFTP protocol until a fix is available. As a temporary workaround, disabling the UFTP processing in IP Client Manager (IPCM) may help minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-5872

Affected Products

Ip Client Manager

Nortel Multimedia Communication Server 5100

PT-2009-1349 · Nortel · Nortel Multimedia Communication Server 5100+1

CVE-2008-5872

Weakness Enumeration

Related Identifiers

Affected Products

References · 7