|Nortel Networks多个UNIStim VoIP产品远程窃听漏洞

Nortel Networks多个UNIStim VoIP产品远程窃听漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

Nortel IP Phones是一款IP电话应用方案。 Nortel IP Phones存在设计错误，远程攻击者可以利用漏洞对设备进行窃听，导致敏感信息泄露。如果正确的UNIStim消息发送给IP电话，IP电话可进入surveillance模式，UNIStim消息ID必须匹配信号服务器和IP电话间的可预期ID，协议使用16位大小作为ID数字，如果恶意用户发送65536个所有可能ID号的伪造UNIStim消息，可导致消息被窃听，造成敏感信息泄露。 Nortel Networks Universal Access - IP 0 Nortel Networks Survivable Remote Gateway 50 Nortel Networks Survivable Remote Gateway 200/400 Nortel Networks Succession Multimedia Communications 0 Nortel Networks Packet Transit - IP 0 Nortel Networks Mobile Voice Client 2050 Nortel Networks Meridian 1 - Option 81C 0 Nortel Networks Meridian 1 - Option 61C 0 Nortel Networks Meridian 1 - Option 51C 0 Nortel Networks Meridian 1 - Option 11C 0 Nortel Networks Meridian 1 - Option11C Mini Nortel Networks IP softphone 2050 Nortel Networks IP Phone 2007 Nortel Networks IP Phone 2004 Nortel Networks IP Phone 2002 Nortel Networks IP Phone 2001 Nortel Networks IP Phone 1150E Nortel Networks IP Phone 1140E Nortel Networks IP Phone 1120E Nortel Networks IP Phone 1110 Nortel Networks IP Audio Conference Phone 2033 Nortel Networks Integrated Access - Cable 0 Nortel Networks Extended Peripheral Module 0 Nortel Networks Communications Server 2100 Nortel Networks Communication Server 1000S Nortel Networks Communication Server 1000M Cabinet/Chassi Nortel Networks Communication Server 1000E Nortel Networks Circuit Switching 0 Nortel Networks Centrex IP Element Manager 0 Nortel Networks Centrex IP Client Manager Nortel Networks Business Communications Manager Nortel Networks BCM 50 Nortel Networks BCM 400 Nortel Networks BCM 1000 可参考如下安全公告获得补丁信息： <a href="http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY" target="_blank">http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY</a>

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™