Sign-up

ID

VAR-200704-0315


CVE

CVE-2007-2334


TITLE

Nortel VPN Router Vulnerabilities that allow access to the management interface

Trust: 0.8

sources: JVNDB: JVNDB-2007-003769

DESCRIPTION

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors. Successful exploits will allow attackers to access administrative functionality and completely compromise vulnerable devices or gain direct access to the private network. This issue affects all model numbers for Nortel VPN Routers 1000, 2000, 4000, 5000. Nortel VPN routers were formerly known as Contivity. Nortel VPN routers provide routing, VPN, firewall, bandwidth management, encryption, authentication, and data integrity functions for secure connections over IP networks and the Internet. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Nortel VPN Router Default User Accounts and Missing Authentication Checks SECUNIA ADVISORY ID: SA24962 VERIFY ADVISORY: http://secunia.com/advisories/24962/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Nortel Contivity VPN Switches http://secunia.com/product/2425/ Nortel VPN Routers http://secunia.com/product/2426/ DESCRIPTION: A vulnerability and a security issue have been reported in Nortel VPN Routers, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data. 1) Two default user accounts ("FIPSecryptedtest1219" and "FIPSunecryptedtest1219") are configured on the VPN Router, which are not readily visible to the system manager. 2) Missing authentication checks within two template files of the web management tool can be exploited to e.g. modify certain router configurations. An issue regarding same DES keys used to encrypt user's passwords has also been reported, which can facilitate brute-force attacks on user's passwords if the attacker were to gain access to the LDAP store. The vulnerability and security issue reportedly affect the following products: * Contivity 1000 VPN Switch * Contivity 2000 VPN Switch * Contivity 4000 VPN Switch * VPN Router 5000 *VPN Router Portfolio SOLUTION: Update to versions 6_05.140, 5_05.304, or 5_05.149. PROVIDED AND/OR DISCOVERED BY: The vendor credits Detack GmbH. ORIGINAL ADVISORY: Nortel: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2334 // JVNDB: JVNDB-2007-003769 // BID: 23562 // VULHUB: VHN-25696 // PACKETSTORM: 56107

AFFECTED PRODUCTS

vendor:nortelmodel:contivityscope:eqversion:4000_vpn_switch

Trust: 1.6

vendor:nortelmodel:contivityscope:eqversion:1000_vpn_switch

Trust: 1.6

vendor:nortelmodel:contivityscope:eqversion:2000_vpn_switch

Trust: 1.6

vendor:nortelmodel:vpn router 5000scope: - version: -

Trust: 1.4

vendor:nortelmodel:vpn router 5000scope:eqversion:*

Trust: 1.0

vendor:nortelmodel:contivityscope:eqversion:4000

Trust: 0.8

vendor:nortelmodel:contivityscope:eqversion:5_05.304

Trust: 0.8

vendor:nortelmodel:contivityscope:eqversion:5_05.149

Trust: 0.8

vendor:nortelmodel:contivityscope:ltversion:5_05.3xx

Trust: 0.8

vendor:nortelmodel:contivityscope:eqversion:2000

Trust: 0.8

vendor:nortelmodel:contivityscope:eqversion:1000

Trust: 0.8

vendor:nortelmodel:contivityscope:ltversion:5000

Trust: 0.8

vendor:nortelmodel:contivityscope:eqversion:6_05.140

Trust: 0.8

vendor:nortelmodel:contivityscope:ltversion:6.x

Trust: 0.8

vendor:nortelmodel:networks vpn routerscope:eqversion:5000

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:2700

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:17500

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1740

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1700

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1100

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1050

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1010

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:4000

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:2000

Trust: 0.3

vendor:nortelmodel:networks contivity vpn switchscope:eqversion:1000

Trust: 0.3

sources: BID: 23562 // JVNDB: JVNDB-2007-003769 // CNNVD: CNNVD-200704-577 // NVD: CVE-2007-2334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2334
value: HIGH

Trust: 1.0

NVD: CVE-2007-2334
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200704-577
value: HIGH

Trust: 0.6

VULHUB: VHN-25696
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2334
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25696
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25696 // JVNDB: JVNDB-2007-003769 // CNNVD: CNNVD-200704-577 // NVD: CVE-2007-2334

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-577

TYPE

Design Error

Trust: 0.9

sources: BID: 23562 // CNNVD: CNNVD-200704-577

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003769

PATCH
title:Top pageurl:http://www.nortel-canada.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003769

EXTERNAL IDS
db:NVDid:CVE-2007-2334
Trust: 2.8
db:BIDid:23562
Trust: 2.0
db:SECUNIAid:24962
Trust: 1.8
db:VUPENid:ADV-2007-1464
Trust: 1.7
db:OSVDBid:35056
Trust: 1.7
db:SECTRACKid:1017943
Trust: 1.7
db:JVNDBid:JVNDB-2007-003769
Trust: 0.8
db:CNNVDid:CNNVD-200704-577
Trust: 0.6
db:VULHUBid:VHN-25696
Trust: 0.1
db:PACKETSTORMid:56107
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25696 // 
            
            
            
            BID: 23562 // 
            
            
            
            JVNDB: JVNDB-2007-003769 // 
            
            
            
            PACKETSTORM: 56107 // 
            
            
            
            CNNVD: CNNVD-200704-577 // 
            
            
            
            NVD: CVE-2007-2334

REFERENCES
url:http://www.securityfocus.com/bid/23562
Trust: 1.7
url:http://osvdb.org/35056
Trust: 1.7
url:http://www.securitytracker.com/id?1017943
Trust: 1.7
url:http://secunia.com/advisories/24962
Trust: 1.7
url:http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail&documentoid=567877&renditionid=&poid=null
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1464
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2334
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2334
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/1464
Trust: 0.6
url:http://www.nortelnetworks.com/products/01/contivity/index.html
Trust: 0.3
url:http://www.nortel.com/
Trust: 0.3
url:http://www116.nortelnetworks.com/pub/repository/clarify/document/2007/16/022181-01.pdf
Trust: 0.3
url:http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail&documentoid=567877&renditionid=&poid=null
Trust: 0.1
url:http://secunia.com/advisories/24962/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://corporate.secunia.com/trial/38/request/
Trust: 0.1
url:http://secunia.com/product/2426/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/2425/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25696 // 
            
            
            
            BID: 23562 // 
            
            
            
            JVNDB: JVNDB-2007-003769 // 
            
            
            
            PACKETSTORM: 56107 // 
            
            
            
            CNNVD: CNNVD-200704-577 // 
            
            
            
            NVD: CVE-2007-2334

CREDITS
Detack GmbH
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200704-577

SOURCES
db:VULHUBid:VHN-25696
db:BIDid:23562
db:JVNDBid:JVNDB-2007-003769
db:PACKETSTORMid:56107
db:CNNVDid:CNNVD-200704-577
db:NVDid:CVE-2007-2334

LAST UPDATE DATE
2025-04-10T23:01:15.489000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-25696date:2011-03-08T00:00:00
db:BIDid:23562date:2016-07-06T14:39:00
db:JVNDBid:JVNDB-2007-003769date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200704-577date:2007-04-30T00:00:00
db:NVDid:CVE-2007-2334date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-25696date:2007-04-27T00:00:00
db:BIDid:23562date:2007-04-19T00:00:00
db:JVNDBid:JVNDB-2007-003769date:2012-09-25T00:00:00
db:PACKETSTORMid:56107date:2007-04-20T21:50:15
db:CNNVDid:CNNVD-200704-577date:2007-04-27T00:00:00
db:NVDid:CVE-2007-2334date:2007-04-27T16:19:00