{ "id": "CVE-2007-2332", "sourceIdentifier": "cve@mitre.org", "published": "2007-04-27T16:19:00.000", "lastModified": "2011-03-08T02:54:01.297", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store." }, { "lang": "es", "value": "Nortel VPN Router (tambi\u00e9n conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 6_05.140 utiliza una llave DES para encriptar contrase\u00f1as, lo cual permite a usuarios remotos validados obtener una contrase\u00f1a a trav\u00e9s de ataques por fuerza bruta sobre un hash desde el LDAP almacenado." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_1010:*:*:*:*:*:*:*:*", "matchCriteriaId": "370BE654-2A89-4FA9-BE88-3E4CA19441FC" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_1050:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD74483C-842C-4E01-A786-C34866B548FA" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_1100:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DC585A5-DBBE-4236-801A-F52523A5C5DF" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_1700:*:*:*:*:*:*:*:*", "matchCriteriaId": "B922ADAB-F42F-4113-8222-0493FE74CF6F" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_1740:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF2FF1CE-97F7-4951-8FD7-59657670BF05" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_1750:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B7D4D62-CB44-437C-A30C-F65DB36DE01F" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_2700:*:*:*:*:*:*:*:*", "matchCriteriaId": "23377D6E-6C2C-425B-A6DC-E5319B327DC3" }, { "vulnerable": true, "criteria": "cpe:2.3:h:nortel:vpn_router_5000:*:*:*:*:*:*:*:*", "matchCriteriaId": "9050DFE2-99C6-41F0-AD1D-5EDFB9B15D8C" } ] } ] } ], "references": [ { "url": "http://secunia.com/advisories/24962", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/23562", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2007/1464", "source": "cve@mitre.org" }, { "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null", "source": "cve@mitre.org" } ] }