CVE-2007-2332

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

N

ortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.

References

Link	Resource
http://secunia.com/advisories/24962	Vendor Advisory
http://www.securityfocus.com/bid/23562
http://www.vupen.com/english/advisories/2007/1464
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null
http://secunia.com/advisories/24962	Vendor Advisory
http://www.securityfocus.com/bid/23562
http://www.vupen.com/english/advisories/2007/1464
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:nortel:vpn_router_1010::::::::
	cpe:2.3:h:nortel:vpn_router_1050::::::::
	cpe:2.3:h:nortel:vpn_router_1100::::::::
	cpe:2.3:h:nortel:vpn_router_1700::::::::
	cpe:2.3:h:nortel:vpn_router_1740::::::::
	cpe:2.3:h:nortel:vpn_router_1750::::::::
	cpe:2.3:h:nortel:vpn_router_2700::::::::
	cpe:2.3:h:nortel:vpn_router_5000::::::::

History

21 Nov 2024, 00:30

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/24962 - Vendor Advisory~~	() http://secunia.com/advisories/24962 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/23562 -~~	() http://www.securityfocus.com/bid/23562 -
References	~~() http://www.vupen.com/english/advisories/2007/1464 -~~	() http://www.vupen.com/english/advisories/2007/1464 -
References	~~() http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null -~~	() http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null -

Information

Published : 2007-04-27 16:19

Updated : 2025-04-09 00:30

NVD link : CVE-2007-2332

Mitre link : CVE-2007-2332

CVE.ORG link : CVE-2007-2332

JSON object : View

Products Affected

CWE

NVD-CWE-Other

{"id": "CVE-2007-2332", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-27T16:19:00.000", "references": [{"url": "http://secunia.com/advisories/24962", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/23562", "source": "[email protected]"}, {"url": "http://www.vupen.com/english/advisories/2007/1464", "source": "[email protected]"}, {"url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/24962", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23562", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1464", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store."}, {"lang": "es", "value": "Nortel VPN Router (tambi\u00e9n conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 6_05.140 utiliza una llave DES para encriptar contrase\u00f1as, lo cual permite a usuarios remotos validados obtener una contrase\u00f1a a trav\u00e9s de ataques por fuerza bruta sobre un hash desde el LDAP almacenado."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nortel:vpn_router_1010:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "370BE654-2A89-4FA9-BE88-3E4CA19441FC"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_1050:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD74483C-842C-4E01-A786-C34866B548FA"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_1100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC585A5-DBBE-4236-801A-F52523A5C5DF"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_1700:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B922ADAB-F42F-4113-8222-0493FE74CF6F"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_1740:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF2FF1CE-97F7-4951-8FD7-59657670BF05"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_1750:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7D4D62-CB44-437C-A30C-F65DB36DE01F"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_2700:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23377D6E-6C2C-425B-A6DC-E5319B327DC3"}, {"criteria": "cpe:2.3:h:nortel:vpn_router_5000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9050DFE2-99C6-41F0-AD1D-5EDFB9B15D8C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}