CVE-2014-8421

Published Apr 12, 2018

Last updated 3 years ago

CVSS high 7.5

Overview

Description: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 5.9
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1E8FFABC-782E-43BB-A402-C20B6B92342A"
          },
          {
            "criteria": "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1"
          },
          {
            "criteria": "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E660AD8F-0961-4BB8-A453-57FFC205C062"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7228102B-6691-4602-A074-11B953C0D681",
            "versionEndExcluding": "r3.32.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3",
            "versionEndExcluding": "r3.32.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB"
          },
          {
            "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279"
          },
          {
            "criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References