CVE-2014-2650 | SynScan

Vulnerability Database

290,273

Total vulnerabilities in the database

CVE-2014-2650

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

Published: Jan 9, 2020
Updated: Apr 13, 2023
CVE: CVE-2014-2650
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
atos / openstage_80_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_80_g_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_60_g_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_60_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_40_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_40_g_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_20_e_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_20_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_20_g_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_15_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_15_g_firmware	3-r3.11.0	3-r3.11.0.x
atos / openstage_5_firmware	3-r3.11.0	3-r3.11.0.x
atos / openscape_desk_phone_ip_35g_firmware	3-r3.11.0	3-r3.11.0.x
atos / openscape_desk_phone_ip_35g_eco_firmware	3-r3.11.0	3-r3.11.0.x
atos / openscape_desk_phone_ip_55g_firmware	3-r3.11.0	3-r3.11.0.x