CVE-2014-8421
Base score: 7.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD
Description
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
Affected (2)
Products: Unify: Openstage Sip, Openscape Desk Phone Ip Sip
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before r3.32.0 |

| Running on/with | Platform Versions |
|---|---|
| Unify Openstage 20 | All versions |
| Unify Openstage 40 | All versions |
| Unify Openstage 60 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before r3.32.0 |

| Running on/with | Platform Versions |
|---|---|
| Atos Openscape Desk Phone Ip 35g | All versions |
| Atos Openscape Desk Phone Ip 35g Eco | All versions |
| Atos Openscape Desk Phone Ip 55g | All versions |