Lucene search

K
cve[email protected]CVE-2014-8422
HistoryApr 12, 2018 - 9:29 p.m.

CVE-2014-8422

2018-04-1221:29:00
CWE-331
web.nvd.nist.gov
20
cve-2014-8422
unify
siemens
openstage
openscape
desk phone ip v3
session hijacking
insufficient entropy
cookies
nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.2%

The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Affected configurations

NVD
Node
unifyopenstage_sipRange<r3.32.0
AND
unifyopenstage_20Match-
OR
unifyopenstage_40Match-
OR
unifyopenstage_60Match-
Node
unifyopenscape_desk_phone_ip_sipRange<r3.32.0
AND
atosopenscape_desk_phone_ip_35gMatch-
OR
atosopenscape_desk_phone_ip_35g_ecoMatch-
OR
atosopenscape_desk_phone_ip_55gMatch-

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.2%

Related for CVE-2014-8422