Snom Multiple Vulnerabilities Network Vulnerability

Summary

The remote Snom device is prone to multiple vulnerabilities

Impact

A remote attacker may be able to gain administration rights, spoof a VPN tunnel, place malware and execute arbitrary code

Solution

Update to a firmware version >= 8.7.5.15

Insight

Several issues existed in actionURLs and java script handling that would have allowed an attacker to get access to administrations rights. With administrations rights an attacker can misuse the OpenVPN support to upload malware or spoof a VPN tunnels.

Affected

Snom devices with firmware < 8.7.5.15

Detection

Check the firmware version

References

http://wiki.snom.com/8.7.5.15_OpenVPN_Security_Update

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Captivate Insecure Library Loading Vulnerability
Adobe Air Multiple Vulnerabilities June-2012 (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)

Take action and discover your vulnerabilities