CVE-2015-8251 — MEDIUM (5.9)

Vulnerability Description

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Unify	Openstage 60 Firmware	3.0
Unify	Openstage 60	-
Unify	Openscape Desk Phone Ip 55G Sip Firmware	3.0
Unify	Openscape Desk Phone Ip 55G Sip	-
Unify	Openstage 15 Firmware	3.0
Unify	Openstage 15	-
Unify	Openstage 20E Firmware	3.0
Unify	Openstage 20E	-
Unify	Openstage 20 Firmware	3.0
Unify	Openstage 20	-
Unify	Openstage 40 Firmware	3.0
Unify	Openstage 40	-
Unify	Openscape Desk Phone Ip 35G Sip Firmware	3.0
Unify	Openscape Desk Phone Ip 35G Sip	-
Unify	Openscape Desk Phone Ip 35G Eco Sip Firmware	3.0
Unify	Openscape Desk Phone Ip 35G Eco Sip	-
Unify	Openscape Desk Phone Ip 55G Hfa Firmware	3.0
Unify	Openscape Desk Phone Ip 55G Hfa	-
Unify	Openscape Desk Phone Ip 35G Hfa Firmware	3.0
Unify	Openscape Desk Phone Ip 35G Hfa	-

Related Weaknesses (CWE)

CWE-200

References

http://www.kb.cert.org/vuls/id/566724Third Party AdvisoryUS Government Resource
https://networks.unify.com/security/advisories/OBSO-1511-02-A.pdfVendor Advisory
https://networks.unify.com/security/advisories/OBSO-1511-02.pdfVendor Advisory
https://www.kb.cert.org/vuls/id/BLUU-A2PPZEThird Party AdvisoryUS Government Resource
http://www.kb.cert.org/vuls/id/566724Third Party AdvisoryUS Government Resource
https://networks.unify.com/security/advisories/OBSO-1511-02-A.pdfVendor Advisory
https://networks.unify.com/security/advisories/OBSO-1511-02.pdfVendor Advisory
https://www.kb.cert.org/vuls/id/BLUU-A2PPZEThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-8251?

CVE-2015-8251 is a vulnerability with a CVSS score of 5.9 (MEDIUM). OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone ...

How severe is CVE-2015-8251?

CVE-2015-8251 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8251?

Check the references section above for vendor advisories and patch information. Affected products include: Unify Openstage 60 Firmware, Unify Openstage 60, Unify Openscape Desk Phone Ip 55G Sip Firmware, Unify Openscape Desk Phone Ip 55G Sip, Unify Openstage 15 Firmware.