Medium severity4.9NVD Advisory· Published Apr 12, 2018· Updated Jun 17, 2026

CVE-2014-9563

Description

CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Unify/OpenStage SIP and OpenScape Desk Phone IP V3llm-create
Range: <R3.32.0

Patches

Vulnerability mechanics

References

networks.unify.com/security/advisories/OBSO-1501-02.pdfnvdVendor Advisory
www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txtnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000