CVE-2026-35087
Gravedad CVSS v4.0:
CRÍTICA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
27/05/2026
Descripción
*** Pendiente de traducción *** Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.<br />
<br />
<br />
This issue was fixed in versions below:<br />
- NCP: version 1.24.0250<br />
- IPx series: version 6.61.0040<br />
- CCT-1668: version 6.56.0430<br />
- MAC-6400: version 6.56.0430<br />
- CXS-0424: version 6.30.0510<br />
<br />
The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:<br />
- CCT-1668 (CCT1CPU)<br />
- MAC-6400<br />
- CXS-0424<br />
These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
Impacto
Puntuación base 4.0
9.30
Gravedad 4.0
CRÍTICA



