N/A

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.

N/A

N/A

Nortel多个VoIP产品UNIStim消息远程窃听漏洞

Nortel IP Phone、IP Softphone等都是Nortel所发布的IP电话设备。 Nortel IP Phone实现上存在漏洞，远程攻击者可能利用此漏洞实现远程现场窃听。 如果用户发送了正确的UNIStim消息的话，就可能将IP电话置于监控模式。UNIStim消息ID必须匹配发送信号的服务器与IP电话之间的ID，但协议仅对ID数使用了16位长度。如果恶意用户发送了65536个穷尽了所有可能ID数的欺骗UNIStim消息的话，就可以打开音频通道，使IP电话的话筒处于远程监听的状态。

N/A

N/A