{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T11:46:26.652","vulnerabilities":[{"cve":{"id":"CVE-2014-8421","sourceIdentifier":"cve@mitre.org","published":"2018-04-12T21:29:00.427","lastModified":"2026-06-17T00:16:42.337","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."},{"lang":"es","value":"Los dispositivos Unify (anteriormente Siemens) OpenStage SIP y OpenScape Desk Phone IP V3, en versiones anteriores a la R3.32.0, permiten que atacantes remotos obtengan privilegios de superusuario aprovechando el acceso SSH y la propiedad incorrecta de (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh o (20) appWeb en /Opera_Deploy."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:C/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.8,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*","versionEndExcluding":"r3.32.0","matchCriteriaId":"7228102B-6691-4602-A074-11B953C0D681"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*","matchCriteriaId":"1E8FFABC-782E-43BB-A402-C20B6B92342A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*","matchCriteriaId":"95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*","matchCriteriaId":"E660AD8F-0961-4BB8-A453-57FFC205C062"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*","versionEndExcluding":"r3.32.0","matchCriteriaId":"5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*","matchCriteriaId":"96DC9F9D-8C29-4524-9740-5216E93F86FB"},{"vulnerable":false,"criteria":"cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*","matchCriteriaId":"6D542112-CDD8-4BEA-B52C-507BCC879279"},{"vulnerable":false,"criteria":"cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*","matchCriteriaId":"CC85895E-4D76-47EF-806D-8B6DB7058D5E"}]}]}],"references":[{"url":"https://networks.unify.com/security/advisories/OBSO-1501-02.pdf","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://networks.unify.com/security/advisories/OBSO-1501-02.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}