Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
The command injection vulnerability (CWE-77) exists because the application does not properly validate input data passed to the device's hostname field. An attacker without any authentication can inject arbitrary system commands that will be executed in the context of the device. The attack vector is network-based, requires no user interaction or special privileges, and the scope of the attack extends beyond the component itself (S:C).
An attacker can gain full control over the device, obtaining the highest level of confidentiality, integrity, and availability of the system — including reading configuration data, modifying device settings, and potentially disrupting its operation. It is also possible to use the compromised device as an entry point for further lateral movement within the network.
Apply patches available from the manufacturer according to the references — detailed information about the patched firmware versions is contained in the official Zenitel Security Advisory (A100K12333) available at the address indicated in the references. Until the update is applied, it is recommended to isolate devices from public networks and restrict access to them exclusively to trusted network segments.
Zenitel ICx500 and ICx510 devices (firmware and hardware) — specific firmware versions indicated in the manufacturer's references (Security Advisory A100K12333).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HZenitel Icx500
HWZenitelwszystkie wersjeZenitel Icx500 Firmware
OSZenitel< 1.4.3.3Zenitel Icx510
HWZenitelwszystkie wersjeZenitel Icx510 Firmware
OSZenitel< 1.4.3.3
Related vulnerabilities
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and d...
Command Injection w Zenitel Tcis-3 via nazwa przesyłanego pliku
Command injection w Zenitel TCIS-3 – wykonanie poleceń przez hostname
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file...