CVE-2014-2651
CRITICALUnify OpenStage/OpenScape Desk Phone IP <V3 R3.11.0 - Auth Bypass
Title source: llmDescription
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://networks.unify.com/security/advisories/OBSO-1403-02.pdf
Third Party Advisory x_refsource_misc
http://assets.yourcircuit.com/Internet/web/Container%20Site/Misc/Footer-content/privacy-policy/security-advisories.aspx
Scores
CVSS v3
9.8
EPSS
0.0170
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (14)
atos/openscape_desk_phone_ip_35g_eco_firmware
v3 r3.11.0
atos/openscape_desk_phone_ip_35g_firmware
v3 r3.11.0
atos/openscape_desk_phone_ip_55g_firmware
v3 r3.11.0
atos/openstage_15_firmware
v3 r3.11.0
atos/openstage_15_g_firmware
v3 r3.11.0
atos/openstage_20_e_firmware
v3 r3.11.0
atos/openstage_20_firmware
v3 r3.11.0
atos/openstage_20_g_firmware
v3 r3.11.0
atos/openstage_40_firmware
v3 r3.11.0
atos/openstage_40_g_firmware
v3 r3.11.0
... and 4 more
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026