A vulnerability has been reported in Nortel CS1000, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error within the processing of packets received through certain ELAN (Embedded LAN) ports, e.g 7734/TCP, 15000/TCP, 15080/TCP, and 15000/UDP. This can potentially be exploited to disable the affected server by flooding specific ELAN ports.
The vulnerability is reported in the following products:
* Enterprise VoIP-Core-CS 1000M Chassis/Cabinet
* Enterprise VoIP-Core-CS 1000E and 1000S
* Meridian-Core-Option 11C - Chassis/Cabinet
* Meridian-Core-Option 51C, 61C, and 81C
Solution: The vendor recommends that customers restrict direct access to the ELAN from unknown devices.
Provided and/or discovered by: Daniel Stirnimann and Cyrill Brunschwiler, Compass Security Network Computing AG.
Original Advisory: Nortel:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Nortel CS1000 Denial of Service Vulnerability
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.