CVE-2014-8421

Name of the Vulnerable Software and Affected Versions Unify OpenStage SIP and OpenScape Desk Phone IP V3 devices versions prior to R3.32.0

Description The issue allows remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of various scripts in the /Opera Deploy directory. These scripts include ConfigureCoreFile.sh, Traceroute.sh, apps.sh, conversion java2native.sh, coreCompression.sh, deletePasswd.sh, findHealthSvcFDs.sh, fw printenv.sh, fw setenv.sh, hw wd kicker.sh, new rootfs.sh, opera killSnmpd.sh, opera startSnmpd.sh, rebootOperaSoftware.sh, removeLogFiles.sh, runOperaServices.sh, setPasswd.sh, startAccTestSvcs.sh, usbNotification.sh, and appWeb.

Recommendations For versions prior to R3.32.0, update to version R3.32.0 or later to resolve the issue. As a temporary workaround, consider restricting SSH access and correcting the ownership of the vulnerable scripts in the /Opera Deploy directory until a patch is applied.