Nortel: Security Vulnerabilities
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.
CVSS Score
10.0
EPSS Score
0.024
Published
2007-04-27
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.
CVSS Score
7.5
EPSS Score
0.011
Published
2007-04-27
Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).
CVSS Score
9.3
EPSS Score
0.011
Published
2007-04-02
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
CVSS Score
6.9
EPSS Score
0.001
Published
2007-02-21
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.
CVSS Score
10.0
EPSS Score
0.004
Published
2006-12-20
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet.
CVSS Score
7.5
EPSS Score
0.117
Published
2005-12-13
Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.
CVSS Score
7.2
EPSS Score
0.0
Published
2005-08-16
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
CVSS Score
5.0
EPSS Score
0.86
Published
2005-05-31
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-05-27
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-05-02