CVE-2026-35089 (GCVE-0-2026-35089)
Vulnerability from cvelistv5 – Published: 2026-05-27 12:42 – Updated: 2026-05-27 15:31
VLAI
Title
Use of Weak Credentials in Slican telephone exchanges
Summary
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials.
This issue was fixed in versions below:
- IPx series: version 6.61.0040
- CCT-1668: version 6.56.0430
- MAC-6400: version 6.56.0430
- CXS-0424: version 6.30.0510
The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:
- CCT-1668 (CCT1CPU)
- MAC-6400
- CXS-0424
These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
Severity
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.pl/posts/2026/05/CVE-2026-35087 | third-party-advisory |
Impacted products
Date Public
2026-05-27 12:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T15:30:40.190428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:31:11.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPx",
"vendor": "Slican",
"versions": [
{
"lessThan": "6.61.0040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CCT-1668",
"vendor": "Slican",
"versions": [
{
"lessThan": "6.56.0430",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MAC-6400",
"vendor": "Slican",
"versions": [
{
"lessThan": "6.56.0430",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CXS-0424",
"vendor": "Slican",
"versions": [
{
"lessThan": "6.30.0510",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Grupa \u017bN"
}
],
"datePublic": "2026-05-27T12:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich can be obtained without authentication\u003c/span\u003e. An unauthenticated attacker can deduce the secure key and obtain admin credentials.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in versions below:\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- IPx series: version 6.61.0040\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- CCT-1668: version 6.56.0430\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- MAC-6400: version 6.56.0430\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- CXS-0424: version 6.30.0510\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- CCT-1668 (\u003cspan style=\"background-color: rgba(221, 223, 228, 0.1);\"\u003eCCT1CPU)\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e- MAC-6400\u003cbr\u003e\u003c/span\u003e- \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCXS-0424\u003cbr\u003e\u003c/span\u003eThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading."
}
],
"value": "In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials.\n\nThis issue was fixed in versions below:\n- IPx series: version 6.61.0040\n- CCT-1668: version 6.56.0430\n- MAC-6400: version 6.56.0430\n- CXS-0424: version 6.30.0510\n\nThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\n- CCT-1668 (CCT1CPU)\n- MAC-6400\n- CXS-0424\nThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:42:19.741Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/05/CVE-2026-35087"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use of Weak Credentials in Slican telephone exchanges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2026-35089",
"datePublished": "2026-05-27T12:42:19.741Z",
"dateReserved": "2026-04-01T11:23:16.118Z",
"dateUpdated": "2026-05-27T15:31:11.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-35089\",\"sourceIdentifier\":\"cvd@cert.pl\",\"published\":\"2026-05-27T14:16:44.847\",\"lastModified\":\"2026-05-27T19:38:33.270\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials.\\n\\nThis issue was fixed in versions below:\\n- IPx series: version 6.61.0040\\n- CCT-1668: version 6.56.0430\\n- MAC-6400: version 6.56.0430\\n- CXS-0424: version 6.30.0510\\n\\nThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\\n- CCT-1668 (CCT1CPU)\\n- MAC-6400\\n- CXS-0424\\nThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1391\"}]}],\"references\":[{\"url\":\"https://cert.pl/posts/2026/05/CVE-2026-35087\",\"source\":\"cvd@cert.pl\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-35089\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-27T15:30:40.190428Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-27T15:31:07.108Z\"}}], \"cna\": {\"title\": \"Use of Weak Credentials in Slican telephone exchanges\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Grupa \\u017bN\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Slican\", \"product\": \"IPx\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.61.0040\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Slican\", \"product\": \"CCT-1668\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.56.0430\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Slican\", \"product\": \"MAC-6400\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.56.0430\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Slican\", \"product\": \"CXS-0424\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.30.0510\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-05-27T12:42:00.000Z\", \"references\": [{\"url\": \"https://cert.pl/posts/2026/05/CVE-2026-35087\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials.\\n\\nThis issue was fixed in versions below:\\n- IPx series: version 6.61.0040\\n- CCT-1668: version 6.56.0430\\n- MAC-6400: version 6.56.0430\\n- CXS-0424: version 6.30.0510\\n\\nThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\\n- CCT-1668 (CCT1CPU)\\n- MAC-6400\\n- CXS-0424\\nThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ewhich can be obtained without authentication\u003c/span\u003e. An unauthenticated attacker can deduce the secure key and obtain admin credentials.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in versions below:\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e- IPx series: version 6.61.0040\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e- CCT-1668: version 6.56.0430\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e- MAC-6400: version 6.56.0430\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e- CXS-0424: version 6.30.0510\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThe issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e- CCT-1668 (\u003cspan style=\\\"background-color: rgba(221, 223, 228, 0.1);\\\"\u003eCCT1CPU)\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e- MAC-6400\u003cbr\u003e\u003c/span\u003e- \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCXS-0424\u003cbr\u003e\u003c/span\u003eThese products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1391\", \"description\": \"CWE-1391 Use of Weak Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"shortName\": \"CERT-PL\", \"dateUpdated\": \"2026-05-27T12:42:19.741Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-35089\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T15:31:11.828Z\", \"dateReserved\": \"2026-04-01T11:23:16.118Z\", \"assignerOrgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"datePublished\": \"2026-05-27T12:42:19.741Z\", \"assignerShortName\": \"CERT-PL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…