CVE-2014-2650
CRITICALUnify OpenStage and OpenScape Desk Phone IP - OS Command Injection via Web Management Interface
Title source: llmDescription
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://networks.unify.com/security/advisories/OBSO-1403-01.pdf
Third Party Advisory x_refsource_misc
http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx
Scores
CVSS v3
9.8
EPSS
0.0257
EPSS Percentile
83.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (15)
atos/openscape_desk_phone_ip_35g_eco_firmware
v3 r3.11.0
atos/openscape_desk_phone_ip_35g_firmware
v3 r3.11.0
atos/openscape_desk_phone_ip_55g_firmware
v3 r3.11.0
atos/openstage_15_firmware
v3 r3.11.0
atos/openstage_15_g_firmware
v3 r3.11.0
atos/openstage_20_e_firmware
v3 r3.11.0
atos/openstage_20_firmware
v3 r3.11.0
atos/openstage_20_g_firmware
v3 r3.11.0
atos/openstage_40_firmware
v3 r3.11.0
atos/openstage_40_g_firmware
v3 r3.11.0
... and 5 more
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026