CVE-2024-28065

In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
mitreCNA
---
---
CISA-ADPADP
5.9 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Common Weakness Enumeration
References
https://syss.de
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-007.txt
https://syss.de
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-007.txt