Vulnerability Details CVE-2014-8421
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 8.5
References
Products affected by CVE-2014-8421
-
cpe:2.3:a:unify:openscape_desk_phone_ip_sip:r3.11.0
-
cpe:2.3:a:unify:openscape_desk_phone_ip_sip:r3.17.0
-
cpe:2.3:a:unify:openscape_desk_phone_ip_sip:r3.24.0
-
cpe:2.3:a:unify:openscape_desk_phone_ip_sip:r3.9.0
-
cpe:2.3:a:unify:openstage_sip:r1.31.0
-
cpe:2.3:a:unify:openstage_sip:r1.35.0
-
cpe:2.3:a:unify:openstage_sip:r1.38.0
-
cpe:2.3:a:unify:openstage_sip:r1.41.0
-
cpe:2.3:a:unify:openstage_sip:r1.43.0
-
cpe:2.3:a:unify:openstage_sip:r1.44.0
-
cpe:2.3:a:unify:openstage_sip:r1.49.0
-
cpe:2.3:a:unify:openstage_sip:r1.50.0
-
cpe:2.3:a:unify:openstage_sip:r3.11.0
-
cpe:2.3:a:unify:openstage_sip:r3.17.0
-
cpe:2.3:a:unify:openstage_sip:r3.24.0
-
cpe:2.3:a:unify:openstage_sip:r3.9.0
-
cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-
-
cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-
-
cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-
-
cpe:2.3:h:unify:openstage_20:-
-
cpe:2.3:h:unify:openstage_40:-
-
cpe:2.3:h:unify:openstage_60:-