Search
Find a vulnerability
Search criteria
2 vulnerabilities found for obihai_obi1022_firmware by polycom
CVE-2019-14259 (GCVE-0-2019-14259)
Vulnerability from nvd – Published: 2019-08-01 14:44 – Updated: 2024-08-05 00:12
VLAI
Summary
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.sit.fraunhofer.de/fileadmin/dokumente… | x_refsource_MISC |
Date Public
2019-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the \"Time Service Settings web\" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-01T14:44:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the \"Time Service Settings web\" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869",
"refsource": "MISC",
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14259",
"datePublished": "2019-08-01T14:44:12.000Z",
"dateReserved": "2019-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:43.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14259 (GCVE-0-2019-14259)
Vulnerability from cvelistv5 – Published: 2019-08-01 14:44 – Updated: 2024-08-05 00:12
VLAI
Summary
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.sit.fraunhofer.de/fileadmin/dokumente… | x_refsource_MISC |
Date Public
2019-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the \"Time Service Settings web\" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-01T14:44:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the \"Time Service Settings web\" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869",
"refsource": "MISC",
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Obihai_Obi1002.pdf?_=1563787869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14259",
"datePublished": "2019-08-01T14:44:12.000Z",
"dateReserved": "2019-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:43.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}