Описание
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process.
Ссылки
EPSS
Процентиль: 17%
0.00053
Низкий
7.4 High
CVSS3
Дефекты
CWE-367
Связанные уязвимости
CVSS3: 7.4
github
больше 1 года назад
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process.
EPSS
Процентиль: 17%
0.00053
Низкий
7.4 High
CVSS3
Дефекты
CWE-367