Vulnerabilities related to atos - openscape_desk_phone_ip_35g_eco
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:19
Severity ?
Summary
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | Mitigation, Vendor Advisory | |
cve@mitre.org | https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
unify | openstage_sip | * | |
unify | openstage_20 | - | |
unify | openstage_40 | - | |
unify | openstage_60 | - | |
unify | openscape_desk_phone_ip_sip | * | |
atos | openscape_desk_phone_ip_35g | - | |
atos | openscape_desk_phone_ip_35g_eco | - | |
atos | openscape_desk_phone_ip_55g | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "7228102B-6691-4602-A074-11B953C0D681", "versionEndExcluding": "r3.32.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E8FFABC-782E-43BB-A402-C20B6B92342A", "vulnerable": false }, { "criteria": "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1", "vulnerable": false }, { "criteria": "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E660AD8F-0961-4BB8-A453-57FFC205C062", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3", "versionEndExcluding": "r3.32.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB", "vulnerable": false }, { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279", "vulnerable": false }, { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack." 
}, { "lang": "es", "value": "La interfaz de gesti\u00f3n web en dispositivos Unify (anteriormente Siemens) OpenStage SIP y OpenScape Desk Phone IP V3, en versiones anteriores a la R3.32.0, genera cookies de sesi\u00f3n con una entrop\u00eda suficiente. Esto hace que sea m\u00e1s f\u00e1cil que los atacantes remotos secuestren sesiones mediante un ataque de fuerza bruta." } ], "id": "CVE-2014-8422", "lastModified": "2024-11-21T02:19:03.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-12T21:29:00.473", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": 
"https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-09 13:15
Modified
2024-11-21 02:06
Severity ?
Summary
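Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface. Note that the CPE configuration in this record matches the firmware CPEs at v3:r3.11.0 exactly, with no versionEndExcluding range, so CPE-based matching alone does not cover the releases before V3 R3.11.0 that this summary describes; compare the installed firmware release against the vendor advisory (OBSO-1403-02).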
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_80_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "E19944A8-83CA-434E-9D3C-F9808D47F068", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6780852-3E56-4553-88AA-1B8CEA8F87A8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_80_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "EE79014B-2864-451C-B60D-EEB36A0B9323", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_80_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "963224F7-A0C7-4774-916A-92A007587F70", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_60_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "C8CAD706-822F-485D-86D4-FEAA033F63E1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_60_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E0BD767-A942-4456-A540-8078B09456F8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_60_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "99345E78-CF71-4C13-8C96-74EBA79C5525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "A163B0DE-8C41-406C-BE89-A1439EFF2B32", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_40_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "C7D33C3E-1376-4F17-B18A-9E246369B43F", "vulnerable": 
true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "42F35A55-08CF-4E96-B73B-D0AFD8F7BD63", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_40_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "F18FD5BD-C587-4E6C-85B6-FDE28B01D4EC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_40_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64C222E-ACF0-46D2-A8D5-7DE0887FD50E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_20_e_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "AF0AE39B-8AE2-4B7E-947E-1A2115AE5F99", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_20_e:-:*:*:*:*:*:*:*", "matchCriteriaId": "976F09BB-2188-4705-B958-39A6CFD17337", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_20_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "2A55A1A3-53B6-48A7-B4FE-86A2A33C5C91", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0B7BE92-C6BC-413D-B86C-A6CAF49014C8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_20_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "03C7C278-A172-49CF-8334-97908AF2E717", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_20_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EBE6841-B9DA-4C79-BDEE-03727A6722C1", "vulnerable": 
false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_15_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "A3F6E9F9-BB42-42AE-8326-1634228F3F1A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_15:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2EAED50-BBC7-4F81-AE6D-8F5F136B6A1A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_15_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "DF6A9E57-05AC-486A-A373-AE053612957A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_15_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "370F955D-6156-4391-B8D2-F2E0BD35E138", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "7F69B531-2AB5-4451-B7BE-85DA2A2FA3C2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "FD0176DA-4D65-47B0-89F4-ECBEF1562EDE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:atos:openscape_desk_phone_ip_55g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "4F93B78E-826A-4708-A0F7-C0DFF8326577", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface" }, { "lang": "es", "value": "Unifique OpenStage/OpenScape Desk Phone IP SIP versiones anteriores a V3 R3.11.0, presenta una omisi\u00f3n de autenticaci\u00f3n en el modo predeterminado de la Interfaz Workpoint." } ], "id": "CVE-2014-2651", "lastModified": "2024-11-21T02:06:43.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-01-09T13:15:10.337", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-09 13:15
Modified
2024-11-21 02:06
Severity ?
Summary
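Unify OpenStage / OpenScape Desk Phone IP SIP before V3 R3.11.0 has an OS command injection vulnerability in the web-based management interface. Note that the CPE configuration in this record matches the firmware CPEs at v3:r3.11.0 exactly, with no versionEndExcluding range, so CPE-based matching alone does not cover the releases before V3 R3.11.0 that this summary describes; compare the installed firmware release against the vendor advisory (OBSO-1403-01).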
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_80_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "E19944A8-83CA-434E-9D3C-F9808D47F068", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6780852-3E56-4553-88AA-1B8CEA8F87A8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_80_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "EE79014B-2864-451C-B60D-EEB36A0B9323", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_80_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "963224F7-A0C7-4774-916A-92A007587F70", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_60_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "C8CAD706-822F-485D-86D4-FEAA033F63E1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_60_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E0BD767-A942-4456-A540-8078B09456F8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_60_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "99345E78-CF71-4C13-8C96-74EBA79C5525", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "A163B0DE-8C41-406C-BE89-A1439EFF2B32", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_40_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "C7D33C3E-1376-4F17-B18A-9E246369B43F", "vulnerable": 
true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "42F35A55-08CF-4E96-B73B-D0AFD8F7BD63", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_40_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "F18FD5BD-C587-4E6C-85B6-FDE28B01D4EC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_40_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64C222E-ACF0-46D2-A8D5-7DE0887FD50E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_20_e_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "AF0AE39B-8AE2-4B7E-947E-1A2115AE5F99", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_20_e:-:*:*:*:*:*:*:*", "matchCriteriaId": "976F09BB-2188-4705-B958-39A6CFD17337", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_20_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "2A55A1A3-53B6-48A7-B4FE-86A2A33C5C91", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0B7BE92-C6BC-413D-B86C-A6CAF49014C8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_20_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "03C7C278-A172-49CF-8334-97908AF2E717", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_20_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EBE6841-B9DA-4C79-BDEE-03727A6722C1", "vulnerable": 
false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_15_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "A3F6E9F9-BB42-42AE-8326-1634228F3F1A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_15:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2EAED50-BBC7-4F81-AE6D-8F5F136B6A1A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_15_g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "DF6A9E57-05AC-486A-A373-AE053612957A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_15_g:-:*:*:*:*:*:*:*", "matchCriteriaId": "370F955D-6156-4391-B8D2-F2E0BD35E138", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openstage_5_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "97BB2DF0-FCD9-4536-B00A-84E9E5144F4B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openstage_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "101837FB-AABC-4C9D-BA88-464D65DBE82A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "7F69B531-2AB5-4451-B7BE-85DA2A2FA3C2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "FD0176DA-4D65-47B0-89F4-ECBEF1562EDE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:atos:openscape_desk_phone_ip_55g_firmware:v3:r3.11.0:*:*:*:*:*:*", "matchCriteriaId": "4F93B78E-826A-4708-A0F7-C0DFF8326577", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface" }, { "lang": "es", "value": "Unify OpenStage / OpenScape Desk Phone IP versiones anteriores a V3 R3.11.0 SIP, presenta una vulnerabilidad de inyecci\u00f3n de comandos de Sistema Operativo en la interfaz de administraci\u00f3n basada en web." 
} ], "id": "CVE-2014-2650", "lastModified": "2024-11-21T02:06:43.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-09T13:15:10.243", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:19
Severity ?
Summary
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | Mitigation, Vendor Advisory | |
cve@mitre.org | https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
unify | openstage_sip | * | |
unify | openstage_20 | - | |
unify | openstage_40 | - | |
unify | openstage_60 | - | |
unify | openscape_desk_phone_ip_sip | * | |
atos | openscape_desk_phone_ip_35g | - | |
atos | openscape_desk_phone_ip_35g_eco | - | |
atos | openscape_desk_phone_ip_55g | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "7228102B-6691-4602-A074-11B953C0D681", "versionEndExcluding": "r3.32.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E8FFABC-782E-43BB-A402-C20B6B92342A", "vulnerable": false }, { "criteria": "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1", "vulnerable": false }, { "criteria": "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E660AD8F-0961-4BB8-A453-57FFC205C062", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3", "versionEndExcluding": "r3.32.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB", "vulnerable": false }, { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279", "vulnerable": false }, { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) 
findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy." }, { "lang": "es", "value": "Los dispositivos Unify (anteriormente Siemens) OpenStage SIP y OpenScape Desk Phone IP V3, en versiones anteriores a la R3.32.0, permiten que atacantes remotos obtengan privilegios de superusuario aprovechando el acceso SSH y la propiedad incorrecta de (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh o (20) appWeb en /Opera_Deploy." 
} ], "id": "CVE-2014-8421", "lastModified": "2024-11-21T02:19:03.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-12T21:29:00.427", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:21
Severity ?
Summary
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
unify | openstage_sip | * | |
unify | openstage_20 | - | |
unify | openstage_40 | - | |
unify | openstage_60 | - | |
unify | openscape_desk_phone_ip_sip | * | |
atos | openscape_desk_phone_ip_35g | - | |
atos | openscape_desk_phone_ip_35g_eco | - | |
atos | openscape_desk_phone_ip_55g | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "7228102B-6691-4602-A074-11B953C0D681", "versionEndExcluding": "r3.32.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E8FFABC-782E-43BB-A402-C20B6B92342A", "vulnerable": false }, { "criteria": "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1", "vulnerable": false }, { "criteria": "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E660AD8F-0961-4BB8-A453-57FFC205C062", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3", "versionEndExcluding": "r3.32.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB", "vulnerable": false }, { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279", "vulnerable": false }, { "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en la interfaz de gesti\u00f3n web (WBM) en dispositivos Unify (anteriormente Siemens) OpenStage SIP y OpenScape Desk Phone IP V3, en versiones anteriores a la R3.32.0, permite que usuarios autenticados remotos modifiquen la contrase\u00f1a root y, en consecuencia, accedan al puerto de depuraci\u00f3n empleando la interfaz en serie mediante el par\u00e1metro ssh-password en page.cmd." } ], "id": "CVE-2014-9563", "lastModified": "2024-11-21T02:21:08.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-12T21:29:00.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-93" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-8422 (GCVE-0-2014-8422)
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 13:18
CWE
- n/a
Summary
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
References
▼ | URL | Tags |
---|---|---|
https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | x_refsource_CONFIRM | |
https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-12T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk 
Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource": "CONFIRM", "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource": "MISC", "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8422", "datePublished": "2018-04-12T21:00:00", "dateReserved": "2014-10-22T00:00:00", "dateUpdated": "2024-08-06T13:18:48.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2651 (GCVE-0-2014-2651)
Vulnerability from cvelistv5
Published
2020-01-09 12:52
Modified
2024-08-06 10:21
CWE
- n/a
Summary
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-09T12:52:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface" } ] }, "problemtype": { "problemtype_data": 
[ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf", "refsource": "MISC", "url": "https://networks.unify.com/security/advisories/OBSO-1403-02.pdf" }, { "name": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "refsource": "MISC", "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2651", "datePublished": "2020-01-09T12:52:39", "dateReserved": "2014-03-24T00:00:00", "dateUpdated": "2024-08-06T10:21:36.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8421 (GCVE-0-2014-8421)
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 13:18
CWE
- n/a
Summary
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
References
▼ | URL | Tags |
---|---|---|
https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | x_refsource_CONFIRM | |
https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-12T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource": "CONFIRM", "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource": "MISC", "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8421", "datePublished": "2018-04-12T21:00:00", "dateReserved": "2014-10-22T00:00:00", "dateUpdated": "2024-08-06T13:18:48.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2650 (GCVE-0-2014-2650)
Vulnerability from cvelistv5
Published
2020-01-09 13:00
Modified
2024-08-06 10:21
CWE
- n/a
Summary
Unify OpenStage / OpenScape Desk Phone IP SIP before V3 R3.11.0 has an OS command injection vulnerability in the web-based management interface.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:35.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-09T13:07:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface" } ] }, "problemtype": { 
"problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf", "refsource": "CONFIRM", "url": "https://networks.unify.com/security/advisories/OBSO-1403-01.pdf" }, { "name": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx", "refsource": "MISC", "url": "http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2650", "datePublished": "2020-01-09T13:00:21", "dateReserved": "2014-03-24T00:00:00", "dateUpdated": "2024-08-06T10:21:35.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9563 (GCVE-0-2014-9563)
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 13:47
CWE
- n/a
Summary
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password via the ssh-password parameter to page.cmd, and consequently to access the debug port using the serial interface.
References
▼ | URL | Tags |
---|---|---|
https://networks.unify.com/security/advisories/OBSO-1501-02.pdf | x_refsource_CONFIRM | |
https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-12T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9563", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource": "CONFIRM", "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf" }, { "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource": "MISC", "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9563", "datePublished": "2018-04-12T21:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T13:47:41.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }