Design/Logic Flaw

2018-04-1221:29:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.2%

JSON

The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

CPENameOperatorVersion
openscape_desk_phone_ip_sipeq< r3.32.0
openstage_sipeq< r3.32.0

CPE	Name	Operator	Version
	openscape_desk_phone_ip_sip	eq	< r3.32.0
	openstage_sip	eq	< r3.32.0

References

networks.unify.com/security/advisories/OBSO-1501-02.pdf

www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt