An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process.
[
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_300:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_300",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_400:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_400",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_500:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_500",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_20:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_20",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_30:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_30",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_20h:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_20h",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:alcatel-lucent:ale_30h:-:*:*:*:*:*:*:*"
],
"vendor": "alcatel-lucent",
"product": "ale_30h",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
}
]