{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28066", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-15T14:44:40.826Z", "dateReserved": "2024-03-01T00:00:00.000Z", "datePublished": "2024-04-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-08T12:44:00.192Z"}, "descriptions": [{"lang": "en", "value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://syss.de"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:47.824Z"}, "title": "CVE Program Container", "references": [{"url": "https://syss.de", "tags": ["x_transferred"]}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-259", "lang": "en", "description": "CWE-259 Use of Hard-coded Password"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-1391", "lang": "en", "description": "CWE-1391 Use of Weak Credentials"}]}], "affected": [{"vendor": "atos", "product": "openscape_desk_phone_ip_35g_firmware", "cpes": ["cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.10.4.3", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "atos", "product": "openscape_desk_phone_ip_35g_eco_firmware", "cpes": ["cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.10.4.3", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-08T17:26:56.257553Z", "id": "CVE-2024-28066", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T14:44:40.826Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://syss.de", "tags": ["x_transferred"]}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:47.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28066", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-08T17:26:56.257553Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*"], "vendor": "atos", "product": "openscape_desk_phone_ip_35g_firmware", "versions": [{"status": "affected", "version": "1.10.4.3", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*"], "vendor": "atos", "product": "openscape_desk_phone_ip_35g_eco_firmware", "versions": [{"status": "affected", "version": "1.10.4.3", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T13:04:22.981Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://syss.de"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"}], "descriptions": [{"lang": "en", "value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-08T12:44:00.192684"}}}, "cveMetadata": {"cveId": "CVE-2024-28066", "state": "PUBLISHED", "dateUpdated": "2024-08-15T14:44:40.826Z", "dateReserved": "2024-03-01T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-08T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6940w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E8F353A-2954-4FCF-B481-C192FD983206", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6940w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90B86603-CC66-49E1-AB63-94A628FA44E7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6930w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BAFE2C1-336F-4B5A-BEF0-EE766508B3A3", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6930w:-:*:*:*:*:*:*:*", "matchCriteriaId": "A57C4650-5CA1-4417-9EE7-22D9FDC8124D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6920w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB75480D-DE6A-4038-AC3B-622BB5D8F8F8", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6920w:-:*:*:*:*:*:*:*", "matchCriteriaId": "71EB8862-6461-428F-8B82-C054C4D2CE5C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5288B8BB-678A-4910-BBF4-3E8257AFAE75", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*", "matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6915_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1C89C7D-9753-484C-902E-8BB0A28185AE", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6915:-:*:*:*:*:*:*:*", "matchCriteriaId": "12F66268-D7C8-450A-BBFF-33EE09DF4A5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB643C04-00DF-4EF1-8A1E-39BD6800C553", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD92F0F9-CC50-4C36-A7E8-751B6C98E8B4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C916E4A-39AC-452F-BAD4-4E47CD69F70A", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAD555D7-9F4C-46A1-B8DD-D60EB0BA6797", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:openscape_cp710_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B1F5EE-FB44-43AD-9D37-CBA8D2155831", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:openscape_cp710:-:*:*:*:*:*:*:*", "matchCriteriaId": "85362640-CB42-40BB-8803-F7D960911327", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:openscape_cp410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37C4EA4-5DD1-44FF-A282-7AE88508E6DC", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:openscape_cp410:-:*:*:*:*:*:*:*", "matchCriteriaId": "51303B03-5853-495B-9F7E-C7F530CE57EC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:openscape_cp210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9918B1F7-7E82-4D80-9058-A1C4C65009BD", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:openscape_cp210:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE489CF3-FAF4-48BE-A548-651C0B2E5CDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:openscape_cp110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BDFD4E2-00A5-42A7-940D-FF7C06497C35", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:openscape_cp110:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F91E6A0-E42D-4173-9AC9-76DB576A61C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:openscape_cpx10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92B08446-EB47-4B1E-9F44-DD9EA5EC855E", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:openscape_cpx10:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E2F08B1-A897-41D7-A515-2376A0A7C8EC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:openscape_dect_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA4596E-508B-40DF-98B6-CEFF87019911", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:openscape_dect:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2DDF093-3F48-4789-AD24-49F137B22AE4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mitel:700d_dect_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A563B34B-B56B-43A9-AE83-4D792A44792E", "versionEndExcluding": "1.11.3.0", "versionStartIncluding": "1.10.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mitel:700d_dect:-:*:*:*:*:*:*:*", "matchCriteriaId": "09BDF12A-9343-4663-8A64-77BCEE5928D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."}, {"lang": "es", "value": "En el firmware 1.10.4.3 de Unify CP IP Phone, se utilizan credenciales d\u00e9biles (una contrase\u00f1a ra\u00edz codificada)."}], "id": "CVE-2024-28066", "lastModified": "2025-06-18T19:01:05.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-08T13:15:08.247", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://syss.de"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://syss.de"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}, {"lang": "en", "value": "CWE-1391"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}