Command injection

2020-01-0913:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

CPENameOperatorVersion
openscape_desk_phone_ip_35g_eco_firmwareeqv3 r3.11.0
openscape_desk_phone_ip_35g_firmwareeqv3 r3.11.0
openscape_desk_phone_ip_55g_firmwareeqv3 r3.11.0
openstage_15_firmwareeqv3 r3.11.0
openstage_15_g_firmwareeqv3 r3.11.0
openstage_20_e_firmwareeqv3 r3.11.0
openstage_20_firmwareeqv3 r3.11.0
openstage_20_g_firmwareeqv3 r3.11.0
openstage_40_firmwareeqv3 r3.11.0
openstage_40_g_firmwareeqv3 r3.11.0

Name	Operator	Version
openscape_desk_phone_ip_35g_eco_firmware	eq	v3 r3.11.0
openscape_desk_phone_ip_35g_firmware	eq	v3 r3.11.0
openscape_desk_phone_ip_55g_firmware	eq	v3 r3.11.0
openstage_15_firmware	eq	v3 r3.11.0
openstage_15_g_firmware	eq	v3 r3.11.0
openstage_20_e_firmware	eq	v3 r3.11.0
openstage_20_firmware	eq	v3 r3.11.0
openstage_20_g_firmware	eq	v3 r3.11.0
openstage_40_firmware	eq	v3 r3.11.0
openstage_40_g_firmware	eq	v3 r3.11.0

Rows per page:

1-10 of 151

References

assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx

networks.unify.com/security/advisories/OBSO-1403-01.pdf