CVE-2019-14260

N/A

Beschreibung

On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht8/1/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

al-enterprise:8008al-enterprise:8008_firmware

Schwachen (CWE)

CWE-78

Referenzen

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Alcatel_8008CloudEditionDeskPhone.pdf?_=1559026340(cve@mitre.org)

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Alcatel_8008CloudEditionDeskPhone.pdf?_=1559026340(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.