CVE-2014-2650

Опубликовано: 09 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

Ссылки

http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx
Third Party Advisory
https://networks.unify.com/security/advisories/OBSO-1403-01.pdf
Vendor Advisory
http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx
Third Party Advisory
https://networks.unify.com/security/advisories/OBSO-1403-01.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:atos:openstage_80_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_80:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:atos:openstage_80_g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_80_g:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:atos:openstage_60_g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_60_g:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:atos:openstage_60_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_60:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:atos:openstage_40_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_40:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:atos:openstage_40_g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_40_g:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:atos:openstage_20_e_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_20_e:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:atos:openstage_20_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_20:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:atos:openstage_20_g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_20_g:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:atos:openstage_15_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_15:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:atos:openstage_15_g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_15_g:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:atos:openstage_5_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openstage_5:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:atos:openscape_desk_phone_ip_55g_firmware:v3:r3.11.0:*:*:*:*:*:*

cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05367

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-2rm4-vgjw-r4jw

github

больше 3 лет назад

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

EPSS

Процентиль: 90%

0.05367

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78