{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T17:58:47.989","vulnerabilities":[{"cve":{"id":"CVE-2014-8422","sourceIdentifier":"cve@mitre.org","published":"2018-04-12T21:29:00.473","lastModified":"2024-11-21T02:19:03.470","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack."},{"lang":"es","value":"La interfaz de gestión web en dispositivos Unify (anteriormente Siemens) OpenStage SIP y OpenScape Desk Phone IP V3, en versiones anteriores a la R3.32.0, genera cookies de sesión con una entropía suficiente. Esto hace que sea más fácil que los atacantes remotos secuestren sesiones mediante un ataque de fuerza bruta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-331"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unify:openstage_sip:*:*:*:*:*:*:*:*","versionEndExcluding":"r3.32.0","matchCriteriaId":"7228102B-6691-4602-A074-11B953C0D681"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*","matchCriteriaId":"1E8FFABC-782E-43BB-A402-C20B6B92342A"},{"vulnerable":false,"criteria":"cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*","matchCriteriaId":"95BBDFB6-DDA4-4E2C-8DEA-EDD6C07BB0A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*","matchCriteriaId":"E660AD8F-0961-4BB8-A453-57FFC205C062"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unify:openscape_desk_phone_ip_sip:*:*:*:*:*:*:*:*","versionEndExcluding":"r3.32.0","matchCriteriaId":"5CF4C6F5-E9A5-48E1-8E55-0D7204BA2DC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:atos:openscape_desk_phone_ip_35g:-:*:*:*:*:*:*:*","matchCriteriaId":"96DC9F9D-8C29-4524-9740-5216E93F86FB"},{"vulnerable":false,"criteria":"cpe:2.3:h:atos:openscape_desk_phone_ip_35g_eco:-:*:*:*:*:*:*:*","matchCriteriaId":"6D542112-CDD8-4BEA-B52C-507BCC879279"},{"vulnerable":false,"criteria":"cpe:2.3:h:atos:openscape_desk_phone_ip_55g:-:*:*:*:*:*:*:*","matchCriteriaId":"CC85895E-4D76-47EF-806D-8B6DB7058D5E"}]}]}],"references":[{"url":"https://networks.unify.com/security/advisories/OBSO-1501-02.pdf","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://networks.unify.com/security/advisories/OBSO-1501-02.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}