VAR-201305-0468

Vulnerability from variot - Updated: 2022-05-17 01:57

YeaLink IP Phone SIP-T20P and SIP-T26P devices running firmware version <=9.70.0.100 have a security vulnerability that allows an attacker to place a call through the first available SIP account without user confirmation; the caller can then also monitor through the phone's microphone. YeaLink IP Phone SIP-T20P and SIP-T26P are both enterprise-grade IP phones from YeaLink of China. The SIP-T20P is characterized by easy installation and use, convenient management, and improved office efficiency. It is mainly used by SMEs, call centers, governments and industry users. The SIP-T26P supports VLAN and OpenVPN functions and is suited to professional users such as supervisors, front desks, dispatchers, and agents. A security bypass vulnerability exists in YeaLink IP Phone SIP-T20P and SIP-T26P. An attacker could use this vulnerability to bypass specific security restrictions and perform unauthorized operations.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201305-0468",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ip phone sip-t26p",
        "scope": null,
        "trust": 0.6,
        "vendor": "yealink",
        "version": null
      },
      {
        "model": "ip phone sip-t20p",
        "scope": null,
        "trust": 0.6,
        "vendor": "yealink",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "b0hr",
    "sources": [
      {
        "db": "BID",
        "id": "60204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-06423",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2013-06423",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "YeaLink IP Phone SIP-T20P and SIP-T26P devices running firmware version \u003c=9.70.0.100 have a security vulnerability that allows an attacker to place a call through the first available SIP account without user confirmation; the caller can then also monitor through the phone's microphone. YeaLink IP Phone SIP-T20P and SIP-T26P are both enterprise-grade IP phones from YeaLink of China. The SIP-T20P is characterized by easy installation and use, convenient management, and improved office efficiency. It is mainly used by SMEs, call centers, governments and industry users. The SIP-T26P supports VLAN and OpenVPN functions and is suited to professional users such as supervisors, front desks, dispatchers, and agents. \nA security bypass vulnerability exists in YeaLink IP Phone SIP-T20P and SIP-T26P. An attacker could use this vulnerability to bypass specific security restrictions and perform unauthorized operations.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      },
      {
        "db": "BID",
        "id": "60204"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "60204",
        "trust": 1.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "25811",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "db": "BID",
        "id": "60204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ]
  },
  "id": "VAR-201305-0468",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:57:50.678000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.exploit-db.com/exploits/25811/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60204"
      },
      {
        "trust": 0.3,
        "url": "http://yealink.com/product_info.aspx?productscateid=187\u0026cateid=147\u0026baseinfocateid=187\u0026cate_id=187\u0026parentcateid=147"
      },
      {
        "trust": 0.3,
        "url": "http://yealink.com/product_info.aspx?productscateid=185\u0026cateid=147\u0026baseinfocateid=185\u0026cate_id=185\u0026parentcateid=147"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "db": "BID",
        "id": "60204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "db": "BID",
        "id": "60204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "date": "2013-05-29T00:00:00",
        "db": "BID",
        "id": "60204"
      },
      {
        "date": "2013-05-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "date": "2013-05-29T00:00:00",
        "db": "BID",
        "id": "60204"
      },
      {
        "date": "2013-05-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "YeaLink IP Phone SIP-T20P/SIP-T26P Security Bypass Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-621"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "60204"
      }
    ],
    "trust": 0.3
  }
}

