{ "id": "CVE-2015-8251", "sourceIdentifier": "cret@cert.org", "published": "2017-09-25T21:29:00.913", "lastModified": "2017-10-11T17:53:34.040", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys." }, { "lang": "es", "value": "OpenStage 60 y OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 y 40 y OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 y OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20 y 40 y OpenScape Desk Phone IP 35G HFA V3 y OpenScape Desk Phone IP 35G Eco HFA V3 emplean certificados X.509 y claves del host SSH no \u00fanicas." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openstage_60_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "147287B6-C539-449A-9F30-A4D7E99F68FE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "E660AD8F-0961-4BB8-A453-57FFC205C062" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openscape_desk_phone_ip_55g_sip_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CD359E8-EF97-4CCF-900A-BACED8BEDC74" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openscape_desk_phone_ip_55g_sip:-:*:*:*:*:*:*:*", "matchCriteriaId": "54558DAB-7375-4E06-A5DC-110B6963886B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openstage_15_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "185454B9-A2EC-4A67-9AF9-003C3B597A90" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openstage_15:-:*:*:*:*:*:*:*", "matchCriteriaId": "85413B8C-CD66-404A-8128-7C896A3F2583" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openstage_20e_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4F654F2-66FF-4DF9-9A5C-93483F66BBF9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openstage_20e:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDA98506-7FE8-4935-BF06-BF4E8E301C80" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openstage_20_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0973C9AE-177F-4033-9633-31D81D1AD7EA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E8FFABC-782E-43BB-A402-C20B6B92342A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openstage_40_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E118131B-3EA0-48FE-B15D-4B15BD620565" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openscape_desk_phone_ip_35g_sip_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "730EB27B-C209-4095-9556-169281BD97F7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openscape_desk_phone_ip_35g_sip:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AF1C62A-F54E-41A5-8CFC-258F0FCCD49B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openscape_desk_phone_ip_35g_eco_sip_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C85EAAD-3608-468C-8796-75AC9E979B9C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openscape_desk_phone_ip_35g_eco_sip:-:*:*:*:*:*:*:*", "matchCriteriaId": "1023B130-DA3A-4200-BFA3-B90CE1523C21" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openscape_desk_phone_ip_55g_hfa_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "161E0A5F-313C-499F-9663-74843C2DB442" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openscape_desk_phone_ip_55g_hfa:-:*:*:*:*:*:*:*", "matchCriteriaId": "5730B600-9252-4781-8EA9-C7155D0E5FA1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openscape_desk_phone_ip_35g_hfa_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AB10C0F-19B7-4A56-A04D-CACDDEF8CA16" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openscape_desk_phone_ip_35g_hfa:-:*:*:*:*:*:*:*", "matchCriteriaId": "A14B60A3-2BCF-4073-9BBF-2CD9956A4EB0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:unify:openstage_60_firmware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "147287B6-C539-449A-9F30-A4D7E99F68FE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:unify:openscape_desk_phone_ip_35g_eco_hfa:-:*:*:*:*:*:*:*", "matchCriteriaId": "97B29875-C1A7-4850-8A04-4603BD212AC9" } ] } ] } ], "references": [ { "url": "http://www.kb.cert.org/vuls/id/566724", "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "https://networks.unify.com/security/advisories/OBSO-1511-02-A.pdf", "source": "cret@cert.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://networks.unify.com/security/advisories/OBSO-1511-02.pdf", "source": "cret@cert.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.kb.cert.org/vuls/id/BLUU-A2PPZE", "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ] } ] }