Nortel CS1000 ELAN port packet flood denial of service
| nortel-cs1000-elan-dos (37252) |  Medium Risk |
Description:
Nortel CS1000 series devices are vulnerable to a denial of service attack, caused by improper handling of packets by certain Embedded LAN (ELAN) ports. By sending a flood of packets to specific ELAN ports on an affected device, a remote attacker from within the local network could cause the Telephony service to crash. The device must be rebooted to regain normal functionality.
*CVSS:
| Base Score: | 6.1 |
| Access Vector: | Adjacent Network |
| Access Complexity: | Low |
| Authentication: | None |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | Complete |
| Temporal Score: | 4.5 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
Refer to Nortel Technical Support Security Advisory Bulletin 2007008384 for patch, upgrade, or suggested workaround information. See References.
References:
- COMPASS SECURITY ADVISORY: October, 18th 2007: Telephony Server Denial of Service.
- Nortel Technical Support Security Advisory Bulletin 2007008384: Potential CS1000 DoS Vulnerability.
- BID-26113: Nortel CS1000 ELAN Remote Denial of Service Vulnerability
- CVE-2007-5591: The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.
- SA27282: Nortel CS1000 Denial of Service Vulnerability
- VUPEN/ADV-2007-3536: Nortel Communication Server 1000 ELAN Denial of Service Vulnerability
Platforms Affected:
- Nortel CS1000e
- Nortel CS1000m
- Nortel cs1000s
- Nortel Meridian Option 11C
- Nortel Meridian Option 51C
- Nortel Meridian Option 61C
- Nortel Meridian Option 81C
Reported:
Oct 17, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.