CVE-2014-2650

CRITICAL

Unify OpenStage and OpenScape Desk Phone IP - OS Command Injection via Web Management Interface

Title source: llm
STIX 2.1

Description

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface

Scores

CVSS v3 9.8
EPSS 0.0257
EPSS Percentile 83.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (15)
atos/openscape_desk_phone_ip_35g_eco_firmware v3 r3.11.0
atos/openscape_desk_phone_ip_35g_firmware v3 r3.11.0
atos/openscape_desk_phone_ip_55g_firmware v3 r3.11.0
atos/openstage_15_firmware v3 r3.11.0
atos/openstage_15_g_firmware v3 r3.11.0
atos/openstage_20_e_firmware v3 r3.11.0
atos/openstage_20_firmware v3 r3.11.0
atos/openstage_20_g_firmware v3 r3.11.0
atos/openstage_40_firmware v3 r3.11.0
atos/openstage_40_g_firmware v3 r3.11.0
... and 5 more
Published Jan 09, 2020
Tracked Since Feb 18, 2026