Vendor
Nortel
Nortel Networks Corporation, formerly Northern Telecom Limited, was a Canadian multinational telecommunications and data networking equipment manufacturer headquartered in Ottawa, Ontario. It was founded in Montreal, Quebec, in 1895 as the Northern Electric and Manufacturing Company, or simply Northern Electric. Until an antitrust settlement in 1949, Northern Electric was owned mostly by Bell Canada and the Western Electric Company of the Bell System, producing large volumes of telecommunications equipment based on licensed Western Electric designs.
Founded 1895
Products
70
CVEs
44
Across products
183
Status
Private
Products
70- 28 CVEs
- 25 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- + 40 more — see CVE list below for full coverage.
Recent CVEs
44| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-0356 | 0.10 | — | 0.82 | May 31, 2005 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | ||
| CVE-2004-1305 | 0.09 | — | 0.78 | Dec 23, 2004 | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||
| CVE-2007-5636 | 0.05 | — | 0.25 | Oct 23, 2007 | Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging." | ||
| CVE-2008-4999 | 0.04 | — | 0.13 | Nov 7, 2008 | Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: this issue could not be reproduced by a third party, who tested it on 0604DAD. In addition, the original researcher was not able to reliably reproduce the issue. | ||
| CVE-2007-5637 | 0.04 | — | 0.11 | Oct 23, 2007 | The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. | ||
| CVE-2005-4197 | 0.04 | — | 0.09 | Dec 13, 2005 | tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | ||
| CVE-2004-2549 | 0.04 | — | 0.08 | Dec 31, 2004 | Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow. | ||
| CVE-2002-0540 | 0.04 | — | 0.07 | Jul 3, 2002 | Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. | ||
| CVE-2002-0209 | 0.04 | — | 0.08 | May 16, 2002 | Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. | ||
| CVE-2007-1057 | 0.03 | — | 0.00 | Feb 21, 2007 | The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. | ||
| CVE-2004-1319 | 0.03 | — | 0.31 | Dec 15, 2004 | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||
| CVE-2004-0839 | 0.03 | — | 0.42 | Aug 18, 2004 | Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". | ||
| CVE-2000-0221 | 0.03 | — | 0.04 | Feb 25, 2000 | The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. | ||
| CVE-2000-0009 | 0.03 | — | 0.00 | Dec 29, 1999 | The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. | ||
| CVE-2003-1115 | 0.01 | — | 0.15 | Dec 31, 2003 | The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||
| CVE-2008-6579 | 0.00 | — | 0.00 | Apr 1, 2009 | Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators." | ||
| CVE-2008-6578 | 0.00 | — | 0.02 | Apr 1, 2009 | Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors. | ||
| CVE-2008-6577 | 0.00 | — | 0.02 | Apr 1, 2009 | Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | ||
| CVE-2008-6576 | 0.00 | — | 0.01 | Apr 1, 2009 | Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions. | ||
| CVE-2008-6564 | 0.00 | — | 0.02 | Mar 31, 2009 | Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. |