Zenitel Station Firmware Package Vulnerability

CRITICAL (10.0)

Threat Intelligence

Low Risk
EPSS Score: 4.41% chance of exploitation (percentile: 89%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Zenitel Station is a networked, IP-based telephone system used in various industries. The vulnerability is an OS command injection: user-supplied input is incompletely validated, which allows an unauthenticated attacker to inject arbitrary commands.

Am I affected?

You're affected if you use the Zenitel Station Firmware Package. Specific version info is not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

  1. Upgrade to a later version of the Station Firmware Package (version 3.2.1 or higher) from the Zenitel website: https://wiki.zenitel.com/wiki/Downloads#Station_and_device_Firmware_Package_.28VS-IS.29
  2. Immediately restrict network access to your Station instance and monitor for suspicious activity.