CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-12T21:00:00
Updated: 2024-08-06T13:47:41.671Z
Reserved: 2015-01-07T00:00:00
Link: CVE-2014-9563
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-04-12T21:29:00.597
Modified: 2024-11-21T02:21:08.113
Link: CVE-2014-9563
Redhat
No data.