製品・ソフトウェアに関する情報
Vulnerability Search
組込み機器に固有でない X.509 証明書および SSH ホスト鍵を使用している問題
Title 組込み機器に固有でない X.509 証明書および SSH ホスト鍵を使用している問題
Summary

多くの組込み機器が、固有でない X.509 証明書と SSH ホスト鍵を使用しているため、なりすましや中間者 (man-in-the-middle) 攻撃、通信内容の解読などの攻撃を受ける可能性があります。 暗号鍵がハードコードされている問題 (CWE-321) SEC Consult の Stefan Viehböck の調査によると、多くの組込み機器が、固有でない X.509 証明書と SSH ホスト鍵を使用して、インターネットからアクセス可能な状態にあるとのことです。ファームウェアイメージに、ハードコードされた鍵や、インターネットをスキャンして蓄積されたレポジトリである scans.io (特に SSH の結果と、SSL 証明書) のデータとフィンガープリントが一致する証明書を使用している機器は脆弱だと判断できます。影響を受ける機器は家庭用ルータや IP カメラから VoIP 製品にまで多岐に渡ります。 CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH の結果 https://scans.io/series/ssh-rsa-full-ipv4 SSL 証明書 https://scans.io/study/sonar.ssl 多くの脆弱な機器では、証明書や鍵の再利用は特定の開発者による限られた製品ラインに留まっていますが、複数の開発者で同一の証明書や鍵を使用している例もいくつか存在します。これらは、共通の SDK を使用して開発されたファームウェア、または ISP が提供する OEM 機器のファームウェアを使用していることが根本的な原因となっています。 脆弱な機器はなりすましや中間者 (man-in-the-middle) 攻撃を受けたり、通信内容を解読されたりする可能性があります。おそらく攻撃者は認証情報やその他の機密情報を取得することができ、それらを更なる攻撃に使用することが可能です。調査結果と、証明書や SSH ホスト鍵の問題の影響を受けるシステムのさらに詳しい情報は、SEC Consult のブログ記事を参照してください。 証明書 https://www.sec-consult.com/download/certificates.html SSH ホスト鍵 https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

Possible impacts 遠隔の攻撃者に、ユーザになりすまされたり、中間者 (man-in-the-middle) 攻撃を受けたり、通信内容を解読されたりする可能性があります。結果として、機密情報が漏えいする可能性があります。
Solution

2015年11月26日現在、ほとんどの機器において対策方法は不明です。いくつかの開発者は、アップデートや情報を公開する予定であるとのことで、新たな情報が判明次第、CERT/CC Vulnerability Note VU#566724 の Vendor Information が更新される予定です。さらに詳しい情報は、開発者へお問い合わせください。 CERT/CC Vulnerability Note VU#566724 の Vendor Information http://www.kb.cert.org/vuls/id/566724#vendors [ワークアラウンドを実施する] 次のワークアラウンドを実施することで、本脆弱性の影響を軽減することが可能です。  * 可能であれば手動で X.509 証明書と SSH ホスト鍵を変更する  * アクセスを制限する

Publication Date Nov. 25, 2015, midnight
Registration Date Feb. 29, 2016, 4:55 p.m.
Last Update Feb. 28, 2018, 1:56 p.m.
CVSS2.0 : 警告
Score 5
Vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected System
(複数のベンダ)
(複数の製品) 
ZyXEL
C1000Z ファームウェア 
FR1000Z ファームウェア 
GS1900-24 ファームウェア 
GS1900-8 ファームウェア 
NWA1100-N ファームウェア 
NWA1100-NH ファームウェア 
NWA1121-NI ファームウェア 
NWA1123-AC ファームウェア 
NWA1123-NI ファームウェア 
P-660HN-51 ファームウェア 
P-663HN-51 ファームウェア 
P8702N ファームウェア 
PMG5318-B20A ファームウェア 
Q1000 ファームウェア 
SBG3300-N000 ファームウェア 
SBG3300-NB00 ファームウェア 
SBG3500-N000 ファームウェア 
VMG1312-B10A ファームウェア 
VMG1312-B30A ファームウェア 
VMG1312-B30B ファームウェア 
VMG4380-B10A ファームウェア 
VMG8324-B10A ファームウェア 
VMG8924-B10A ファームウェア 
VMG8924-B30A ファームウェア 
VSG1435-B101 ファームウェア 
CVE (情報セキュリティ 共通脆弱性識別子)
ベンダー情報
その他
Change Log
No Changed Details Date of change
0 [2016年02月29日]
  掲載
[2017年10月25日]
  影響を受けるシステム:ベンダ情報の追加に伴い内容を更新
  ベンダ情報:ZyXEL (Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)) を追加
  参考情報:National Vulnerability Database (NVD) (CVE-2015-7256) を追加		 Feb. 17, 2018, 10:37 a.m.
1 [2018年02月28日]
  参考情報:National Vulnerability Database (NVD) (CVE-2015-6358) を追加
  参考情報:National Vulnerability Database (NVD) (CVE-2015-7255) を追加
  参考情報:National Vulnerability Database (NVD) (CVE-2015-7276) を追加
  参考情報:National Vulnerability Database (NVD) (CVE-2015-8251) を追加		 Feb. 28, 2018, 12:11 p.m.
NVD Vulnerability Information
CVE-2015-6358
Summary

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Publication Date Oct. 13, 2017, 12:29 a.m.
Registration Date Jan. 26, 2021, 2:54 p.m.
Last Update Nov. 21, 2024, 11:34 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:* 1.3.1.10
execution environment
1 cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:* 1.3.1.10
execution environment
1 cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:* 2.0.3.4
execution environment
1 cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:* 2.0.1.5
execution environment
1 cpe:2.3:h:cisco:wrv210:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:* 2.0.7.8
execution environment
1 cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:cisco:wrv200:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:* 2.0.2.2
execution environment
1 cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*
Configuration8 or higher or less more than less than
cpe:2.3:o:cisco:wap200_firmware:*:*:*:*:*:*:*:* 2.0.6.0
execution environment
1 cpe:2.3:h:cisco:wap200:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:* 1.1.2.6
execution environment
1 cpe:2.3:h:cisco:wvc2300:-:*:*:*:*:*:*:*
Configuration10 or higher or less more than less than
cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:* 1.1.2.6
execution environment
1 cpe:2.3:h:cisco:pvc2300:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:* 2.0.2.4
execution environment
1 cpe:2.3:h:cisco:srw224p:-:*:*:*:*:*:*:*
Configuration12 or higher or less more than less than
cpe:2.3:o:cisco:wet200_firmware:*:*:*:*:*:*:*:* 2.0.8.0
execution environment
1 cpe:2.3:h:cisco:wet200:-:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:* 2.0.8.0
execution environment
1 cpe:2.3:h:cisco:wap2000:-:*:*:*:*:*:*:*
Configuration14 or higher or less more than less than
cpe:2.3:o:cisco:wap4400n_firmware:*:*:*:*:*:*:*:* -
execution environment
1 cpe:2.3:h:cisco:wap4400n:-:*:*:*:*:*:*:*
Configuration15 or higher or less more than less than
cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:* 1.0.5.9
execution environment
1 cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*
Configuration16 or higher or less more than less than
cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:* 1.0.5.4
execution environment
1 cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*
Configuration17 or higher or less more than less than
cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:* 1.0.5.4
execution environment
1 cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*
Configuration18 or higher or less more than less than
cpe:2.3:o:cisco:rv315w_firmware:*:*:*:*:*:*:*:* 1.01.03
execution environment
1 cpe:2.3:h:cisco:rv315w:-:*:*:*:*:*:*:*
Configuration19 or higher or less more than less than
cpe:2.3:o:cisco:srp520_firmware:*:*:*:*:*:*:*:* 1.01.29
execution environment
1 cpe:2.3:h:cisco:srp520:-:*:*:*:*:*:*:*
Configuration20 or higher or less more than less than
cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:* 1.2.6
execution environment
1 cpe:2.3:h:cisco:srp520-u:-:*:*:*:*:*:*:*
Configuration21 or higher or less more than less than
cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:* 1.0.1.002
execution environment
1 cpe:2.3:h:cisco:wrp500:-:*:*:*:*:*:*:*
Configuration22 or higher or less more than less than
cpe:2.3:o:cisco:spa400_firmware:*:*:*:*:*:*:*:* 1.1.2.2
execution environment
1 cpe:2.3:h:cisco:spa400:-:*:*:*:*:*:*:*
Configuration23 or higher or less more than less than
cpe:2.3:o:cisco:rtp300_firmware:*:*:*:*:*:*:*:* 3.1.24
execution environment
1 cpe:2.3:h:cisco:rtp300:-:*:*:*:*:*:*:*
Configuration24 or higher or less more than less than
cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:* 1.0.4.17
execution environment
1 cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
CVE-2015-7255
Summary

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

Publication Date Aug. 30, 2017, 12:29 a.m.
Registration Date Jan. 26, 2021, 2:56 p.m.
Last Update Nov. 21, 2024, 11:36 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
CVE-2015-7256
Summary

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Publication Date Sept. 28, 2017, 10:29 a.m.
Registration Date Jan. 26, 2021, 2:56 p.m.
Last Update Nov. 21, 2024, 11:36 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:zyxel:nwa1100-n_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:nwa1100-n:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:zyxel:nwa1100-nh_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:nwa1100-nh:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:zyxel:nwa1121-ni_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:nwa1121-ni:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:zyxel:nwa1123-ac_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:nwa1123-ac:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:zyxel:nwa1123-ni_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:nwa1123-ni:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:zyxel:p-660hn-51_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:p-660hn-51:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:zyxel:p-663hn-51_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:p-663hn-51:-:*:*:*:*:*:*:*
Configuration8 or higher or less more than less than
cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg1312-b10a:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:o:zyxel:vmg1312-b30a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg1312-b30a:-:*:*:*:*:*:*:*
Configuration10 or higher or less more than less than
cpe:2.3:o:zyxel:vmg1312-b30b_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg1312-b30b:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg4380-b10a:-:*:*:*:*:*:*:*
Configuration12 or higher or less more than less than
cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg8924-b10a:-:*:*:*:*:*:*:*
Configuration14 or higher or less more than less than
cpe:2.3:o:zyxel:vmg8924-b30a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vmg8924-b30a:-:*:*:*:*:*:*:*
Configuration15 or higher or less more than less than
cpe:2.3:o:zyxel:vsg1435-b101_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:vsg1435-b101:-:*:*:*:*:*:*:*
Configuration16 or higher or less more than less than
cpe:2.3:o:zyxel:pmg5318-b20a_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:pmg5318-b20a:-:*:*:*:*:*:*:*
Configuration17 or higher or less more than less than
cpe:2.3:o:zyxel:sbg3300-n000_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:sbg3300-n000:-:*:*:*:*:*:*:*
Configuration18 or higher or less more than less than
cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:sbg3300-nb00:-:*:*:*:*:*:*:*
Configuration19 or higher or less more than less than
cpe:2.3:o:zyxel:sbg3500-n000_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:sbg3500-n000:-:*:*:*:*:*:*:*
Configuration20 or higher or less more than less than
cpe:2.3:o:zyxel:gs1900-8_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*
Configuration21 or higher or less more than less than
cpe:2.3:o:zyxel:gs1900-24_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*
Configuration22 or higher or less more than less than
cpe:2.3:o:zyxel:c1000z_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:c1000z:-:*:*:*:*:*:*:*
Configuration23 or higher or less more than less than
cpe:2.3:o:zyxel:q1000_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:q1000:-:*:*:*:*:*:*:*
Configuration24 or higher or less more than less than
cpe:2.3:o:zyxel:fr1000z_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:fr1000z:-:*:*:*:*:*:*:*
Configuration25 or higher or less more than less than
cpe:2.3:o:zyxel:p8702n_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:zyxel:p8702n:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
CVE-2015-7276
Summary

Technicolor C2000T and C2100T uses hard-coded cryptographic keys.

Publication Date Nov. 7, 2019, 1:15 a.m.
Registration Date Jan. 26, 2021, 2:56 p.m.
Last Update Nov. 21, 2024, 11:36 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:technicolor:c2000t_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:technicolor:c2000t:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:technicolor:c2100t_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:technicolor:c2100t:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
CVE-2015-8251
Summary

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.

Publication Date Sept. 26, 2017, 6:29 a.m.
Registration Date Jan. 26, 2021, 2:57 p.m.
Last Update Nov. 21, 2024, 11:38 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:unify:openstage_60_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openstage_60:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:unify:openscape_desk_phone_ip_55g_sip_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openscape_desk_phone_ip_55g_sip:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:unify:openstage_15_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openstage_15:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:unify:openstage_20e_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openstage_20e:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:unify:openstage_20_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openstage_20:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:unify:openstage_40_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openstage_40:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:unify:openscape_desk_phone_ip_35g_sip_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openscape_desk_phone_ip_35g_sip:-:*:*:*:*:*:*:*
Configuration8 or higher or less more than less than
cpe:2.3:o:unify:openscape_desk_phone_ip_35g_eco_sip_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openscape_desk_phone_ip_35g_eco_sip:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:o:unify:openscape_desk_phone_ip_55g_hfa_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openscape_desk_phone_ip_55g_hfa:-:*:*:*:*:*:*:*
Configuration10 or higher or less more than less than
cpe:2.3:o:unify:openscape_desk_phone_ip_35g_hfa_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openscape_desk_phone_ip_35g_hfa:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:unify:openstage_60_firmware:3.0:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:unify:openscape_desk_phone_ip_35g_eco_hfa:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List