Vulnerability Details : CVE-2014-8422
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
Products affected by CVE-2014-8422
- cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*
- cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8422
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8422
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2014-8422
-
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8422
-
https://networks.unify.com/security/advisories/OBSO-1501-02.pdf
Mitigation;Vendor Advisory
-
https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt
Third Party Advisory
Jump to