CVE-2014-8422

Name of the Vulnerable Software and Affected Versions Unify OpenStage SIP and OpenScape Desk Phone IP V3 versions prior to R3.32.0

Description The issue concerns the web-based management interface in the affected devices, which generates session cookies with insufficient entropy. This makes it easier for remote attackers to hijack sessions via a brute-force attack.

Recommendations For versions prior to R3.32.0, update to version R3.32.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.