Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-35089

Gravedad CVSS v4.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
27/05/2026

Descripción

*** Pendiente de traducción *** In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials.<br /> <br /> This issue was fixed in versions below:<br /> - IPx series: version 6.61.0040<br /> - CCT-1668: version 6.56.0430<br /> - MAC-6400: version 6.56.0430<br /> - CXS-0424: version 6.30.0510<br /> <br /> The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:<br /> - CCT-1668 (CCT1CPU)<br /> - MAC-6400<br /> - CXS-0424<br /> These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.

Referencias a soluciones, herramientas e información