PT-2024-22767 · Alcatel Lucent · Alcatel-Lucent Ale Noe Deskphones

Moritz Abrell · Published 2024-05-07 · Updated 2024-07-03 · CVE-2024-29150

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Alcatel-Lucent ALE NOE deskphones versions 86x8 NOE-R300.1.40.12.4180 and earlier
Alcatel-Lucent ALE SIP deskphones versions 86x8 SIP-R200.1.01.10.728 and earlier

Description

Improper privilege management allows an authenticated attacker to create symlinks to sensitive and protected data in locations used for debugging files. The process that gathers debug logs runs with root privileges and follows these symlinks, so any file a symlink references is written to the debug archive, where the attacker can access it.

Recommendations

For Alcatel-Lucent ALE NOE deskphones versions 86x8 NOE-R300.1.40.12.4180 and earlier, consider restricting access to sensitive data until a patch is available. For Alcatel-Lucent ALE SIP deskphones versions 86x8 SIP-R200.1.01.10.728 and earlier, consider restricting access to sensitive data until a patch is available. As a temporary workaround, consider disabling the debugging file functionality until a patch is available.
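
A privileged log collector avoids the symlink problem described above by refusing to follow links and by checking the object it actually opened. The following is an added Python example, not ALE's code or fix; the function name `collect_debug_archive`, the flat debug-directory layout and an archive path in a root-only location are assumptions.

```python
import os
import stat
import tarfile

def collect_debug_archive(debug_dir, archive_path):
    """Archive regular files directly under debug_dir without following symlinks.

    Hypothetical helper for illustration. Returns (added, skipped) name lists.
    """
    added, skipped = [], []
    # Pin the directory by descriptor (refusing a symlinked directory) so every
    # later open is relative to it and the path cannot be swapped underneath.
    dir_fd = os.open(debug_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        with tarfile.open(archive_path, "w:gz") as tar:
            for name in sorted(os.listdir(dir_fd)):
                try:
                    # O_NOFOLLOW: open() fails if the entry is a symlink.
                    # O_NONBLOCK: do not hang if the entry is a FIFO.
                    fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                                 dir_fd=dir_fd)
                except OSError:
                    skipped.append(name)
                    continue
                # fstat the opened descriptor, not the path, so the check and
                # the read refer to the same object (no check/use race).
                st = os.fstat(fd)
                if not stat.S_ISREG(st.st_mode):
                    os.close(fd)
                    skipped.append(name)
                    continue
                with os.fdopen(fd, "rb") as fh:
                    info = tarfile.TarInfo(name)
                    info.size = st.st_size
                    info.mtime = int(st.st_mtime)
                    info.mode = 0o600  # do not carry attacker-chosen modes
                    tar.addfile(info, fh)
                added.append(name)
    finally:
        os.close(dir_fd)
    return added, skipped
```

Entries in `skipped` are worth logging, since a symlink in a debug directory is a useful detection signal on its own.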

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2024-29150

Affected Products

Alcatel-Lucent Ale Noe Deskphones
Alcatel-Lucent Ale Sip Deskphones