Summary
The remote Snom device is prone to multiple vulnerabilities
Impact
A remote attacker may be able to gain administration rights, spoof a VPN tunnel, place malware and execute arbitrary code
Solution
Update to a firmware version >= 8.7.5.15
Insight
Several issues existed in actionURLs and java script handling that would have allowed an attacker to get access to administrations rights. With administrations rights an attacker can misuse the OpenVPN support to upload malware or spoof a VPN tunnels.
Affected
Snom devices with firmware < 8.7.5.15
Detection
Check the firmware version
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Flash Media Server multiple vulnerabilities
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)