Lucene search

[email protected]CVE-2014-2651

HistoryJan 09, 2020 - 1:15 p.m.

CVE-2014-2651

2020-01-0913:15:10

CWE-287

[email protected]

web.nvd.nist.gov

cve-2014-2651

unify

openstage

openscape

desk phone

ip sip

authentication bypass

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface

Affected configurations

NVD

Node

atosopenstage_80_firmwareMatchv3r3.11.0

AND

atosopenstage_80Match-

Node

atosopenstage_80_g_firmwareMatchv3r3.11.0

AND

atosopenstage_80_gMatch-

Node

atosopenstage_60_g_firmwareMatchv3r3.11.0

AND

atosopenstage_60_gMatch-

Node

atosopenstage_60_firmwareMatchv3r3.11.0

AND

atosopenstage_60Match-

Node

atosopenstage_40_firmwareMatchv3r3.11.0

AND

atosopenstage_40Match-

Node

atosopenstage_40_g_firmwareMatchv3r3.11.0

AND

atosopenstage_40_gMatch-

Node

atosopenstage_20_e_firmwareMatchv3r3.11.0

AND

atosopenstage_20_eMatch-

Node

atosopenstage_20_firmwareMatchv3r3.11.0

AND

atosopenstage_20Match-

Node

atosopenstage_20_g_firmwareMatchv3r3.11.0

AND

atosopenstage_20_gMatch-

Node

atosopenstage_15_firmwareMatchv3r3.11.0

AND

atosopenstage_15Match-

Node

atosopenstage_15_g_firmwareMatchv3r3.11.0

AND

atosopenstage_15_gMatch-

Node

atosopenscape_desk_phone_ip_35g_firmwareMatchv3r3.11.0

AND

atosopenscape_desk_phone_ip_35gMatch-

Node

atosopenscape_desk_phone_ip_35g_eco_firmwareMatchv3r3.11.0

AND

atosopenscape_desk_phone_ip_35g_ecoMatch-

Node

atosopenscape_desk_phone_ip_55g_firmwareMatchv3r3.11.0

AND

atosopenscape_desk_phone_ip_55gMatch-

CPENameOperatorVersion
atos:openstage_80_firmwareatos openstage 80 firmwareeqv3

CPE	Name	Operator	Version
atos:openstage_80_firmware	atos openstage 80 firmware	eq	v3

References

assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx

networks.unify.com/security/advisories/OBSO-1403-02.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2014-2651

nvd1 prion1 cvelist1