A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Ribboncommunications Sonus sbc 1000 firmware 6.0.0 (not an official CPE)
Ribboncommunications Sonus sbc 1000 firmware 6.1.0 (not an official CPE)
Ribboncommunications Sonus sbc 1000 firmware 7.0.0 (not an official CPE)
Ribboncommunications Sonus sbc 2000 firmware 6.0.0 (not an official CPE)
Ribboncommunications Sonus sbc 2000 firmware 6.1.0 (not an official CPE)
Ribboncommunications Sonus sbc 2000 firmware 7.0.0 (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6... | |||
| https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c5... |