Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
References
| Link | Resource |
|---|---|
| http://cerebusforensics.com/yealink/exploit.html | Exploit, Third Party Advisory |
| https://sway.office.com/3pCb559LYVuT0eig | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-08T12:02:34
Updated: 2019-10-08T12:02:34
Reserved: 2019-08-04T00:00:00
Link: CVE-2019-14657
NVD Information
Status: Analyzed
Published: 2019-10-08T13:15:15.317
Modified: 2019-10-18T14:47:46.397
Link: CVE-2019-14657
Redhat Information
No data.