CVE-2004-0056

Current Description

Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Basic Data

PublishedFebruary 17, 2004
Last ModifiedSeptember 05, 2008
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationNortelBusiness Communications Manager********
    2.3HardwareNortel802.11 Wireless Ip Gateway********
    2.3HardwareNortelSuccession Communication Server 1000********

Vulnerable Software List

VendorProductVersions
Nortel Business Communications Manager *
Nortel 802.11 Wireless Ip Gateway *
Nortel Succession Communication Server 1000 *

References

NameSourceURLTags
CA-2004-01http://www.cert.org/advisories/CA-2004-01.htmlCERTPATCH Third Party Advisory US Government Resource
VU#749342http://www.kb.cert.org/vuls/id/749342CERT-VNPATCH Third Party Advisory US Government Resource
9406http://www.securityfocus.com/bid/9406BID
1008687http://www.securitytracker.com/id?1008687SECTRACK
http://www.uniras.gov.uk/vuls/2004/006489/h323.htmhttp://www.uniras.gov.uk/vuls/2004/006489/h323.htmMISC