9.3 CRITICAL
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): High (H)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): High (H)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
Authentication Bypass in Slican telephone exchanges
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version 6.56.0430 - MAC-6400: version 6.56.0430 - CXS-0424: version 6.30.0510 The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below: - CCT-1668 (CCT1CPU) - MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
References
-
https://cert.pl/posts/2026/05/CVE-2026-35087 third-party-advisory
Affected products
- <6.61.0040
- <1.24.0250
- <6.56.0430
- <6.30.0510
- <6.56.0430
Matching in nixpkgs
pkgs.ipxe
Network boot firmware
pkgs.ncps
Nix binary cache proxy service
pkgs.nncp
Secure UUCP-like store-and-forward exchanging
pkgs.pipx
Install and run Python applications in isolated environments
pkgs.shncpd
Simple, stupid and slow HNCP daemon
-
nixos-unstable 2016-06-22
- nixpkgs-unstable 2016-06-22
- nixos-unstable-small 2016-06-22
pkgs.croncpp
C++11/14/17 header-only cross-platform library for handling CRON expressions
-
nixos-unstable 2023.03.30
- nixpkgs-unstable 2023.03.30
- nixos-unstable-small 2023.03.30
pkgs.jsoncpp
C++ library for interacting with JSON
pkgs.opencpn
Concise ChartPlotter/Navigator
pkgs.syncplay
Free software that synchronises media players
pkgs.ncpamixer
Terminal mixer for PulseAudio inspired by pavucontrol
pkgs.qrcodegencpp
High-quality QR Code generator library in many languages
pkgs.syncplay-nogui
Free software that synchronises media players
pkgs.jsoncppSecureMemory
C++ library for interacting with JSON
pkgs.perlPackages.AsyncPing
Ping a huge number of servers in several seconds
pkgs.python312Packages.pipx
None
pkgs.python313Packages.pipx
Install and run Python applications in isolated environments
pkgs.python314Packages.pipx
Install and run Python applications in isolated environments
pkgs.perl5Packages.AsyncPing
Ping a huge number of servers in several seconds
pkgs.perl538Packages.AsyncPing
None
pkgs.perl540Packages.AsyncPing
None
pkgs.python312Packages.asyncpg
None
pkgs.python313Packages.asyncpg
Asyncio PosgtreSQL driver
pkgs.python314Packages.asyncpg
Asyncio PosgtreSQL driver
pkgs.weechatScripts.zncplayback
Add support for the ZNC Playback module
pkgs.python312Packages.ancp-bids
None
pkgs.python312Packages.asyncpraw
None
pkgs.python313Packages.ancp-bids
Read/write/validate/query BIDS datasets
pkgs.python313Packages.asyncpraw
Asynchronous Python Reddit API Wrapper
-
nixos-unstable 7.8.1-unstable-2025-10-08
- nixpkgs-unstable 7.8.1-unstable-2025-10-08
- nixos-unstable-small 7.8.1-unstable-2025-10-08
pkgs.python314Packages.ancp-bids
Read/write/validate/query BIDS datasets
pkgs.python314Packages.asyncpraw
Asynchronous Python Reddit API Wrapper
-
nixos-unstable 7.8.1-unstable-2025-10-08
- nixpkgs-unstable 7.8.1-unstable-2025-10-08
- nixos-unstable-small 7.8.1-unstable-2025-10-08
pkgs.python312Packages.asyncpysupla
None
pkgs.python313Packages.asyncpysupla
Simple Supla's OpenAPI async wrapper
pkgs.python314Packages.asyncpysupla
Simple Supla's OpenAPI async wrapper
pkgs.python312Packages.asyncprawcore
None
pkgs.python312Packages.funcparserlib
None
pkgs.python313Packages.asyncprawcore
Low-level asynchronous communication layer for Async PRAW
pkgs.python313Packages.funcparserlib
Recursive descent parsing library based on functional combinators
pkgs.python314Packages.asyncprawcore
Low-level asynchronous communication layer for Async PRAW
pkgs.python314Packages.funcparserlib
Recursive descent parsing library based on functional combinators
pkgs.python313Packages.peakrdl-ipxact
Import and export IP-XACT XML register models
pkgs.python314Packages.peakrdl-ipxact
Import and export IP-XACT XML register models
Package maintainers
-
@typedrat Alexis Williams <alexis@typedr.at>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>
-
@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
-
@woffs Frank Doepper <github@woffs.de>
-
@kragniz Louis Taylor <louis@kragniz.eu>
-
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
-
@yshym Yevhen Shymotiuk <yshym@pm.me>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>
-
@eadwu Edmund Wu <edmund.wu@protonmail.com>
-
@amadejkastelic Amadej Kastelic <amadejkastelic7@gmail.com>
-
@JamieMagee Jamie Magee <jamie.magee@gmail.com>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@Assistant Assistant Moetron <assistant.moetron@gmail.com>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@jmbaur Jared Baur <jaredbaur@fastmail.com>