CVE-2024-29150 is a vulnerability discovered in Alcatel-Lucent ALE NOE deskphones (through firmware 86x8_NOE-R300.1.40.12.4180) and SIP deskphones (through firmware 86x8_SIP-R200.1.01.10.728). The root cause is improper privilege management related to debug log file handling. Authenticated attackers can create symbolic links within debug file directories that point to sensitive or protected files elsewhere on the device. When the system collects debug logs, it runs with root privileges and follows these symlinks, inadvertently including the contents of the targeted sensitive files into the debug archive. This results in unauthorized disclosure of confidential data, potentially including configuration files, credentials, or other protected information. The vulnerability is classified under CWE-269 (Improper Privilege Management). Exploitation requires the attacker to have valid authentication credentials but does not require user interaction. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with network attack vector and low attack complexity. No patches or exploits in the wild are currently reported, but the risk is significant due to the root-level access during debug log collection.

This vulnerability can lead to severe data breaches by exposing sensitive files through debug archives accessible to attackers. Confidentiality is highly impacted as attackers can access protected data, including potentially sensitive configuration or credential files. Integrity and availability are also at risk since attackers might manipulate debug processes or files, potentially disrupting device operation or injecting malicious data. Organizations relying on these Alcatel-Lucent deskphones for voice communications, especially in sensitive environments like government, finance, or critical infrastructure, face increased risk of espionage, data leakage, and operational disruption. The requirement for authentication limits exposure to insiders or compromised accounts but does not eliminate risk, particularly in large organizations with many users. The absence of known exploits in the wild suggests limited current exploitation but also highlights the need for proactive mitigation before attackers develop weaponized exploits.

1. Immediately verify if firmware updates or patches are available from Alcatel-Lucent and apply them as soon as possible. 2. Restrict access to the affected deskphones' management interfaces to trusted personnel only, enforcing strong authentication and network segmentation. 3. Monitor and audit authentication logs on these devices to detect unusual access patterns or unauthorized login attempts. 4. Disable or restrict debug log collection features if not essential, or ensure debug logs are stored in secure, non-symlink-following locations. 5. Implement strict file system permissions and integrity monitoring on debug directories to prevent unauthorized symlink creation. 6. Educate administrators and users about the risk of credential compromise, as authenticated access is required for exploitation. 7. Consider network-level controls such as firewall rules or VLAN segmentation to limit exposure of these devices to untrusted networks. 8. Prepare incident response plans specific to these devices to quickly contain and remediate any detected exploitation attempts.