Zenitel Products Command Execution Vulnerability via Hostname

Vulnerability

A vulnerability in Zenitel's VS-IS, ICX-AlphaCom, and AlphaCom XE products allows authenticated attackers to execute commands by manipulating the device's hostname. The affected versions and version ranges differ by product.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the affected device.

Remediation

Users are advised to upgrade to Zenitel VS-IS version 9.3.3.1 or 8.2.3.5 for TCIV, ICX-AlphaCom version 1.5.3.3, or AlphaCom XE BSP version 32.4.3.12. No further action is required for devices already running these releases.

Added: Jan 9, 2026, 10:45 AM
Updated: Jan 9, 2026, 10:45 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.