Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-8421

Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.

Published

2018-04-12T21:29:00.427

Last Modified

2024-11-21T02:19:03.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.8

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application unify openstage_sip < r3.32.0 Yes
Hardware unify openstage_20 - No
Hardware unify openstage_40 - No
Hardware unify openstage_60 - No
Application unify openscape_desk_phone_ip_sip < r3.32.0 Yes
Hardware atos openscape_desk_phone_ip_35g - No
Hardware atos openscape_desk_phone_ip_35g_eco - No
Hardware atos openscape_desk_phone_ip_55g - No
References