
Yealink Phone Privilege escalation Vulnerabilities


CVE Dictionary Entry: CVE-2019-14656

DATE PUBLISHED: 2019-10-08



Please Note: 

Yealink takes the security of our customers and our products seriously. This is a living document and may be subject to updates. The latest version of this document can be found at the following URL: https://www.yealink.com/trust-center-resource




Vulnerability Summary

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.




Solution

Yealink has released software updates to all affected phone models that contain fixes for these issues as well as other fixes and features. Please refer to the release notes for your particular endpoint for more information.



Phone Series

Product Family and Model    Fixed Software Release
SIP-T27P                    45.83.0.120
SIP-T29G                    46.83.0.120
SIP-T41P                    36.83.0.120
SIP-T42G                    29.83.0.120
SIP-T46G                    28.83.0.120
SIP-T48G                    35.83.0.120
SIP-T19P_E2                 53.84.0.130
SIP-T21P_E2                 52.84.0.130
SIP-T23G                    44.84.0.130
SIP-T40P                    54.84.0.130
SIP-T40G                    76.84.0.130
SIP-T52S/T54S               70.84.0.80
SIP-CP920                   78.86.0.15
T4XS Series Phones          66.86.0.15
T4XU Series Phones          108.86.0.60
T3X Series Phones           124.86.0.60
T5X Series Phones           96.86.0.60
SIP-T58                     58.86.0.5
SIP-CP960                   73.86.0.5
SIP-VP59                    91.86.0.5
SIP-T58W                    150.86.0.35
SIP-CP965                   143.86.0.5
VP59-Zoom                   91.30.0.30
MP5X-Zoom                   122.30.0.15
MP5X-Teams                  122.15.0.9
T5X-Teams                   58.15.0.53
CP960-Teams                 73.15.0.163
CP965-Teams                 143.15.0.12
W60B                        146.85.0.35
W70B                        77.85.0.60
W80B                        103.83.0.80
W90B                        130.85.0.25




VCS Series

Product Family and Model    Fixed Software Release
VC210 Series                118.320.0.15
MeetingEye400 Series        120.320.0.15
MeetingEye400Pro Series     133.320.0.15
MeetingEye800 Series        129.320.0.30
VP59-VCS                    91.353.0.10
MeetingBoard65              155.310.0.15


The software, release notes, and other documentation for your voice endpoint can be found at: https://support.yealink.com/en/portal/home




Mitigation

Yealink recommends all customers upgrade to the latest version.
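
To find which phones in a deployment still need the upgrade, the fixed-release table can be checked against an inventory. The following is an added example, not Yealink code: the function names and the sample inventory are constructed, and it assumes that the first field of a version string identifies the firmware line and that a numerically later release on the same line contains the fix.

```python
# Added example: audit an inventory against this advisory's fixed releases.
# Assumptions: versions are four dot-separated integers, the first field names
# the firmware line, and a later release on the same line contains the fix.

# Subset of the advisory's table: model -> fixed software release.
FIXED = {
    "SIP-T27P": "45.83.0.120",
    "SIP-T46G": "28.83.0.120",
    "SIP-T23G": "44.84.0.130",
    "SIP-CP920": "78.86.0.15",
}

def parse(version):
    """Return the version as a tuple of four ints, or raise ValueError."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)

def classify(model, installed):
    """Return 'fixed', 'vulnerable' or 'unknown' for one device."""
    fixed = FIXED.get(model)
    if fixed is None:
        return "unknown"            # model not in the subset above
    try:
        have, need = parse(installed), parse(fixed)
    except ValueError:
        return "unknown"            # unreadable version: check by hand
    if have[0] != need[0]:
        return "unknown"            # different firmware line: not comparable
    # Compare as integers: as strings, "35" would sort after "120".
    return "fixed" if have[1:] >= need[1:] else "vulnerable"

def audit(inventory):
    """Map each (host, model, version) row to its classification."""
    return {host: classify(model, ver) for host, model, ver in inventory}

# Constructed sample inventory (hosts and installed versions are made up).
SAMPLE = [
    ("phone-01", "SIP-T46G", "28.83.0.120"),
    ("phone-02", "SIP-T46G", "28.83.0.35"),
    ("phone-03", "SIP-T23G", "44.84.0.9"),
    ("phone-04", "SIP-T48G", "35.83.0.50"),
    ("phone-05", "SIP-CP920", "78.86.0.15 "),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as unknown need a manual check against the full table and the release notes for that model.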




Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Yealink Technical Support by visiting: https://support.yealink.com/en/portal/home for the latest information.

You might also find value in the high-level security guidance and security news located at: https://support.yealink.com/en/portal/home


