CWE
200
Advisory Published
Updated

CVE-2015-8251: Infoleak

First published: Mon Sep 25 2017(Updated: )

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.

Credit: cret@cert.org

Affected SoftwareAffected VersionHow to fix
Atos Openstage 60 Firmware=3.0
Unify Openstage 60
Unify OpenScape Desk Phone IP 55G SIP Firmware=3.0
Atos Openscape Desk Phone IP 55G
Atos Openstage 15 G Firmware=3.0
Unify Openstage 15 Firmware
Unify Openstage 20e Firmware=3.0
Unify Openstage 20e Firmware
Unify Openstage 20 Firmware=3.0
Unify Openstage 20 Firmware
Unify Openstage 40 Firmware=3.0
Atos Openstage 40
Unify OpenScape Desk Phone IP 35G=3.0
Unify OpenScape Desk Phone IP 35G SIP Firmware
Unify OpenStage Desk Phone IP 35G Eco SIP Firmware=3.0
Unify OpenScape Desk Phone IP 35G Eco SIP
Unify OpenStage Desk Phone IP 55G HFA Firmware=3.0
Atos OpenScape Desk Phone IP 55G
Unify OpenScape Desk Phone IP 35G HFA=3.0
Unify OpenScape Desk Phone IP 35G HFA Firmware
Unify OpenScape Desk Phone IP 35G Eco HFA

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2015-8251?

    The severity of CVE-2015-8251 is considered high due to potential remote code execution risks.

  • How do I fix CVE-2015-8251?

    To fix CVE-2015-8251, update the firmware of affected OpenStage and OpenScape Desk Phone models to the latest version.

  • Which devices are affected by CVE-2015-8251?

    CVE-2015-8251 affects various models including OpenStage 60, OpenScape Desk Phone IP 55G, and others running firmware version 3.0.

  • Is CVE-2015-8251 being actively exploited?

    As of the latest updates, there are no confirmed active exploits for CVE-2015-8251 in the wild.

  • What are the potential consequences of CVE-2015-8251?

    The potential consequences of CVE-2015-8251 include unauthorized access, interception of communications, and execution of arbitrary code.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203