LiveActive security incident?Get immediate response
CVE Record

CVE-2007-2333: Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and...

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takehigh

Analyst readout for executives and security teams

Plain-English summary

This CVE concerns Nortel VPN Router, also known as Contivity, shipping LDAP templates with default accounts. If those accounts remain usable, a remote attacker might gain access to the private network through the VPN appliance. The public bundle does not provide CVSS scoring or confirmed exploit activity.

Executive priority

Prioritize discovery and remediation if these VPN appliances are still present. Default credentials on remote access infrastructure can create direct private-network exposure, even without confirmed active exploitation in the provided sources.

Technical view

Affected Nortel VPN Router 1000, 2000, 4000, and 5000 releases include FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template. The CVE lists exposure before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140. Impact is potential remote private-network access.

Likely exposure

Exposure is limited to organizations running the named Nortel VPN Router or Contivity models and vulnerable software versions. Highest concern is internet-facing VPN infrastructure or environments where these LDAP template accounts were imported and left active.

Exploitation context

The source bundle states remote attackers might access the private network, but it does not cite public exploit code, exploitation in the wild, or CISA KEV listing. Treat exploit status as unconfirmed from the provided evidence.

Researcher notes

The bundle has limited metadata: no CVSS, CWE, CPE, or detailed vendor remediation text. The description itself provides affected model families, vulnerable version ranges, account names, and the likely impact. Avoid claiming broader Nortel products are affected.

Mitigation direction

  • Identify any Nortel VPN Router or Contivity 1000, 2000, 4000, or 5000 appliances.
  • Upgrade to releases not listed as vulnerable in the CVE record.
  • Review Nortel advisory guidance before applying compensating controls.
  • Remove or disable vendor default accounts only according to vendor-supported procedures.
  • Restrict VPN administrative and authentication exposure where operationally possible.

Validation and detection

  • Inventory deployed appliance models and record exact software versions.
  • Check LDAP templates for FIPSecryptedtest1219 and FIPSunecryptedtest1219 accounts.
  • Confirm vulnerable versions were upgraded beyond the CVE-listed affected ranges.
  • Review VPN authentication logs for unexpected use of the listed account names.
  • Verify no internet-facing legacy VPN appliance remains unreviewed.
Prepared
Confidence
medium
Sources
8

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2007-2333 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
7Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.