CVE-2014-8421 - OpenCVE

Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Unify	Openstage Sip Openstage 20 Openstage 60 Openstage 40 Openscape Desk Phone Ip Sip
Atos	Openscape Desk Phone Ip 55g Openscape Desk Phone Ip 35g Eco Openscape Desk Phone Ip 35g

Configuration 1 [-]

AND

cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:unify:openstage_20:-:::::::*
	cpe:2.3:h:unify:openstage_40:-:::::::*
	cpe:2.3:h:unify:openstage_60:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:::::::*
	cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:::::::*
	cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:::::::*

References

Link	Resource
https://networks.unify.com/security/advisories/OBSO-1501-02.pdf	Mitigation Vendor Advisory
https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-12T21:00:00

Updated: 2018-04-12T20:57:01

Reserved: 2014-10-22T00:00:00

Link: CVE-2014-8421

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-04-12T21:29:00.427

Modified: 2021-09-09T17:47:20.180

Link: CVE-2014-8421

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-12T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8421", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf", "refsource": "CONFIRM", "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"}, {"name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt", "refsource": "MISC", "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8421", "datePublished": "2018-04-12T21:00:00", "dateReserved": "2014-10-22T00:00:00", "dateUpdated": "2018-04-12T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "7228102B-6691-4602-A074-11B953C0D681", "versionEndExcluding": "r3.32.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E8FFABC-782E-43BB-A402-C20B6B92342A", "vulnerable": false}, {"criteria": "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1", "vulnerable": false}, {"criteria": "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E660AD8F-0961-4BB8-A453-57FFC205C062", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3", "versionEndExcluding": "r3.32.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DC9F9D-8C29-4524-9740-5216E93F86FB", "vulnerable": false}, {"criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D542112-CDD8-4BEA-B52C-507BCC879279", "vulnerable": false}, {"criteria": "cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC85895E-4D76-47EF-806D-8B6DB7058D5E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."}, {"lang": "es", "value": "Los dispositivos Unify (anteriormente Siemens) OpenStage SIP y OpenScape Desk Phone IP V3, en versiones anteriores a la R3.32.0, permiten que atacantes remotos obtengan privilegios de superusuario aprovechando el acceso SSH y la propiedad incorrecta de (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh o (20) appWeb en /Opera_Deploy."}], "id": "CVE-2014-8421", "lastModified": "2021-09-09T17:47:20.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-12T21:29:00.427", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}