CNVD-2017-33799

Vulnerability from cnvd - Published: 2017-11-14
VLAI Severity ?
Title
多款Unify产品信息泄露漏洞
Description
Unify OpenStage 60等都是美国优力飞(Unify)公司的IP电话机。 多款Unify产品中存在信息泄露漏洞,该漏洞源于程序未能使用唯一的X.509证书和SSH主机密钥。远程攻击者可利用该漏洞实施中间人攻击或解密合法用户和设备之间的通讯。
Severity
Formal description

厂商尚未提供漏洞修复方案,请关注厂商主页及时更新: https://unify.com/us/

Reference
http://www.kb.cert.org/vuls/id/566724
Impacted products
Name
['Unify OpenStage 60', 'Unify OpenScape Desk Phone IP 55G SIP V3', 'Unify OpenScape Desk Phone IP 35G SIP V3', 'Unify OpenStage 40', 'Unify OpenStage 20', 'Unify OpenStage 20E', 'Unify OpenStage 15', 'Unify OpenScape Desk Phone IP 55G HFA V3', 'Unify OpenScape Desk Phone IP 35G HFA V3', 'Unify OpenScape Desk Phone IP 35G Eco HFA V3']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-8251"
    }
  },
  "description": "Unify OpenStage 60\u7b49\u90fd\u662f\u7f8e\u56fd\u4f18\u529b\u98de\uff08Unify\uff09\u516c\u53f8\u7684IP\u7535\u8bdd\u673a\u3002\r\n\r\n\u591a\u6b3eUnify\u4ea7\u54c1\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528\u552f\u4e00\u7684X.509\u8bc1\u4e66\u548cSSH\u4e3b\u673a\u5bc6\u94a5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u6216\u89e3\u5bc6\u5408\u6cd5\u7528\u6237\u548c\u8bbe\u5907\u4e4b\u95f4\u7684\u901a\u8baf\u3002",
  "discovererName": "Stefan Viehb\u00f6ck of SEC Consult",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://unify.com/us/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33799",
  "openTime": "2017-11-14",
  "products": {
    "product": [
      "Unify OpenStage 60",
      "Unify OpenScape Desk Phone IP 55G SIP V3",
      "Unify OpenScape Desk Phone IP 35G SIP V3",
      "Unify OpenStage 40",
      "Unify OpenStage 20",
      "Unify OpenStage 20E",
      "Unify OpenStage 15",
      "Unify OpenScape Desk Phone IP 55G HFA V3",
      "Unify OpenScape Desk Phone IP 35G HFA V3",
      "Unify OpenScape Desk Phone IP 35G Eco HFA V3"
    ]
  },
  "referenceLink": "http://www.kb.cert.org/vuls/id/566724",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-13",
  "title": "\u591a\u6b3eUnify\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.