Analyst readout for executives and security teams
Plain-English summary
This CVE concerns Nortel VPN Router, also known as Contivity, shipping LDAP templates with default accounts. If those accounts remain usable, a remote attacker might gain access to the private network through the VPN appliance. The public bundle does not provide CVSS scoring or confirmed exploit activity.
Executive priority
Prioritize discovery and remediation if these VPN appliances are still present. Default credentials on remote access infrastructure can create direct private-network exposure, even without confirmed active exploitation in the provided sources.
Technical view
Affected Nortel VPN Router 1000, 2000, 4000, and 5000 releases include FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template. The CVE lists exposure before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140. Impact is potential remote private-network access.
Likely exposure
Exposure is limited to organizations running the named Nortel VPN Router or Contivity models and vulnerable software versions. Highest concern is internet-facing VPN infrastructure or environments where these LDAP template accounts were imported and left active.
Exploitation context
The source bundle states remote attackers might access the private network, but it does not cite public exploit code, exploitation in the wild, or CISA KEV listing. Treat exploit status as unconfirmed from the provided evidence.
Researcher notes
The bundle has limited metadata: no CVSS, CWE, CPE, or detailed vendor remediation text. The description itself provides affected model families, vulnerable version ranges, account names, and the likely impact. Avoid claiming broader Nortel products are affected.
Mitigation direction
- Identify any Nortel VPN Router or Contivity 1000, 2000, 4000, or 5000 appliances.
- Upgrade to releases not listed as vulnerable in the CVE record.
- Review Nortel advisory guidance before applying compensating controls.
- Remove or disable vendor default accounts only according to vendor-supported procedures.
- Restrict VPN administrative and authentication exposure where operationally possible.
Validation and detection
- Inventory deployed appliance models and record exact software versions.
- Check LDAP templates for FIPSecryptedtest1219 and FIPSunecryptedtest1219 accounts.
- Confirm vulnerable versions were upgraded beyond the CVE-listed affected ranges.
- Review VPN authentication logs for unexpected use of the listed account names.
- Verify no internet-facing legacy VPN appliance remains unreviewed.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2007-2333 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- 1017943CVE reference · vdb-entry, x_refsource_SECTRACK
- 23562CVE reference · vdb-entry, x_refsource_BID
- 24962CVE reference · third-party-advisory, x_refsource_SECUNIA
- 35055CVE reference · vdb-entry, x_refsource_OSVDB
- ADV-2007-1464CVE reference · vdb-entry, x_refsource_VUPEN
- http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=nullCVE reference · x_refsource_CONFIRM
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
