CVE-2007-5637

Name: CVE-2007-5637
Creator: NVD / NIST
Published: 2007-10-23T17:46:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.13%

Last modified Jun 16, 2026

CVE-2007-5637 is a vulnerability of currently unknown severity. The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.. EPSS estimates a 3.13% chance of exploitation in the next 30 days.

Description

The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.

Metrics

EPSS Probability

3.13%

86.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Nortel	Business Communications Manager	50
Nortel	Business Communications Manager	50a
Nortel	Business Communications Manager	50e
Nortel	Business Communications Manager	200
Nortel	Business Communications Manager	400
Nortel	Business Communications Manager	1000
Nortel	Business Communications Manager	srg50
Nortel	Business Communications Manager	srg200
Nortel	Centrex Ip Client Manager	All versions
Nortel	Centrex Ip Element Manager	All versions
Nortel	Meridian Option 11c	All versions
Nortel	Meridian Option 51c	All versions
Nortel	Meridian Option 61c	All versions
Nortel	Meridian Option 81c	All versions
Nortel	Meridian Sl100	cs2100
Nortel	Mobile Voice Client 2050	All versions

References

Timeline

Published: Oct 23, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-5637?

How severe is CVE-2007-5637?

Severity scoring for CVE-2007-5637 is pending analysis. The EPSS model estimates a 3.13% probability of exploitation in the next 30 days.

How do I fix CVE-2007-5637?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-5637?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST