CVE-2014-8421 : Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices befo

Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.

Published 2018-04-12 21:29:00

Updated 2021-09-09 17:47:20

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-8421

Unify » Openstage Sip
Versions before (<) r3.32.0
cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*
Matching versions
When used together with: Unify » Openstage 20 » Version: N/A
When used together with: Unify » Openstage 40 » Version: N/A
When used together with: Unify » Openstage 60 » Version: N/A
Unify » Openscape Desk Phone Ip Sip
Versions before (<) r3.32.0
cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*
Matching versions
When used together with: Atos » Openscape Desk Phone Ip 35g » Version: N/A
When used together with: Atos » Openscape Desk Phone Ip 35g Eco » Version: N/A
When used together with: Atos » Openscape Desk Phone Ip 55g » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2014-8421

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8421

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2014-8421

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8421

https://networks.unify.com/security/advisories/OBSO-1501-02.pdf

Mitigation;Vendor Advisory

CVEs referencing this url
https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt

Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8421

Products affected by CVE-2014-8421

Exploit prediction scoring system (EPSS) score for CVE-2014-8421

CVSS scores for CVE-2014-8421

CWE ids for CVE-2014-8421

References for CVE-2014-8421