Description

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker.

INFO

Published Date :

2024-05-07T00:00:00.000Z

Last Modified :

2024-08-02T01:10:53.927Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-29150 vulnerability.

Vendors Products
Ale International
  • Alcatel-lucent Ale Deskphones
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-29150.

URL Resource
https://www.al-enterprise.com/-/media/assets/internet/documents/n-to-s/sa-c0071-ed01.pdf cve-icon cve-icon
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-011.txt cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact