Description
In Slican telephone exchanges the secure key is generated in a predictable manner from properties of the telephone exchange that can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials.

This issue was fixed in the versions below:
- IPx series: version 6.61.0040
- CCT-1668: version 6.56.0430
- MAC-6400: version 6.56.0430
- CXS-0424: version 6.30.0510

The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:
- CCT-1668 (CCT1CPU)
- MAC-6400
- CXS-0424
These products were discontinued in 2011 and 2012 and will not receive updates. They require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact its service department directly to determine the options for upgrading.
Published: 2026-05-27
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a predictable generation of a secure key within Slican telephone exchanges. An unauthenticated attacker can calculate this key using exposed properties of the device and subsequently gain administrative credentials. Based on the description, it is inferred that, once these credentials are obtained, the attacker could alter configurations or potentially gain control over the device, which could impact confidentiality, integrity, and availability. The weakness is classified under CWE-1391, reflecting that the mechanism for establishing secure credentials is insecure.

Affected Systems

The flaw affects multiple Slican telephone exchange models, including IPx, CCT-1668, MAC-6400, and CXS-0424. Firmware versions prior to 6.61.0040 for IPx, 6.56.0430 for CCT-1668 and MAC-6400, and 6.30.0510 for CXS-0424 contain the vulnerability. The issue remains unpatched in end-of-life products using firmware 4.xx or earlier for the CCT-1668 (CCT1CPU), MAC-6400, and CXS-0424 lines, which will never receive software updates and require hardware modifications for any patch to be applied.

Risk and Exploitability

With a CVSS score of 8.7, the vulnerability is classified as high severity, and it is not listed in the CISA KEV catalog. The EPSS score is unavailable, but the ability of an attacker to deduce credentials without authentication suggests that exploitation is likely in environments where these devices are exposed. Based on the description, it is inferred that once the secure key is deduced, an attacker gains administrative authority directly, without any additional privilege escalation steps. The threat is most acute for organizations that maintain legacy devices on the network without proper isolation or updates.

Generated by OpenCVE AI on May 27, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware of all Slican devices to the latest patched versions: at least IPx 6.61.0040, CCT-1668 6.56.0430, MAC-6400 6.56.0430, and CXS-0424 6.30.0510.
  • For end-of-life devices that cannot be updated through firmware alone, contact Slican's service department to explore hardware upgrade or replacement options, as hardware updates are required to apply any new patches.
  • If hardware replacement is infeasible, isolate the legacy devices from untrusted networks, disable remote management interfaces, and restrict local access to strictly necessary personnel to mitigate potential exploitation.

Advisories

No advisories yet.

History

Wed, 27 May 2026 17:30:00 +0000

Metrics (ssvc) added:
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Description added: identical to the description at the top of this page.
Title added: Use of Weak Credentials in Slican telephone exchanges
Weaknesses added: CWE-1391
References added: none listed
Metrics (cvssV4_0) added:
{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-27T15:31:11.828Z

Reserved: 2026-04-01T11:23:16.118Z

Link: CVE-2026-35089

Vulnrichment

Updated: 2026-05-27T15:31:07.108Z

NVD

Status: Deferred

Published: 2026-05-27T14:16:44.847

Modified: 2026-05-27T19:38:33.270

Link: CVE-2026-35089

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T16:00:08Z

Weaknesses