PatchSiren


CVE-2026-35087 Slican CVE debrief

A critical authentication bypass vulnerability in Slican telephone exchanges allows unauthenticated attackers to gain administrative access by executing a specific command, bypassing credential requirements entirely. The vulnerability affects multiple product lines; its CVSS 4.0 vector indicates a network attack vector, low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability. Fixed versions are available for supported products, but end-of-life hardware (versions 4.xx and below) will not receive patches and requires a hardware upgrade.

Vendor: Slican
Product: IPx
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations operating Slican telephone exchanges, including NCP, IPx series, CCT-1668, MAC-6400, or CXS-0424 models. This is particularly urgent for organizations with end-of-life hardware (CCT-1668 CCT1CPU, MAC-6400, CXS-0424 versions 4.xx and below), which cannot receive software patches and requires hardware replacement.

Technical summary

The vulnerability exists in the administrative protocol implementation of Slican telephone exchanges, where an attacker can execute a specific command to bypass authentication entirely without providing valid credentials. This represents an authentication bypass using an alternate path or channel (CWE-288). The attack requires network access to the administrative interface but no prior authentication or user interaction. Successful exploitation grants full administrative control over affected telephone exchange systems.

Defensive priority

Critical

Recommended defensive actions

  • Immediately inventory all Slican telephone exchange deployments to identify affected models and firmware versions
  • Upgrade NCP systems to version 1.24.0250 or later
  • Upgrade IPx series systems to version 6.61.0040 or later
  • Upgrade CCT-1668 systems to version 6.56.0430 or later (if hardware supports)
  • Upgrade MAC-6400 systems to version 6.56.0430 or later (if hardware supports)
  • Upgrade CXS-0424 systems to version 6.30.0510 or later (if hardware supports)
  • For end-of-life CCT-1668 (CCT1CPU), MAC-6400, and CXS-0424 running versions 4.xx or below, contact Slican service department to evaluate hardware upgrade options
  • Implement network segmentation to isolate telephone exchange management interfaces from untrusted networks until patching is complete
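One way to run the inventory step against the fixed versions listed above. This is an added example, not code from Slican, CERT.PL or this page. The hostnames and inventory rows are constructed, and it assumes firmware versions are three dot-separated numeric fields that compare numerically.

```python
# Added example: fixed-version thresholds are taken from this page; the
# inventory rows and the (host, model, version) layout are constructed.
import re

FIXED = {
    "NCP": (1, 24, 250),
    "IPx": (6, 61, 40),
    "CCT-1668": (6, 56, 430),
    "MAC-6400": (6, 56, 430),
    "CXS-0424": (6, 30, 510),
}
# Models whose 4.xx-and-below firmware is end-of-life per the advisory text.
EOL_MODELS = {"CCT-1668", "MAC-6400", "CXS-0424"}
EOL_MAX_MAJOR = 4

def parse_version(text):
    """Return (major, minor, build) or None if the string is not N.N.N."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(model, version):
    """Classify one exchange: PATCHED, UPGRADE, EOL_HARDWARE or REVIEW."""
    fixed = FIXED.get(model)
    ver = parse_version(version)
    if fixed is None or ver is None:
        return "REVIEW"        # unknown model or unparseable version: check by hand
    if model in EOL_MODELS and ver[0] <= EOL_MAX_MAJOR:
        return "EOL_HARDWARE"  # no patch will ship; contact Slican service
    return "PATCHED" if ver >= fixed else "UPGRADE"

def triage_inventory(rows):
    """rows: iterable of (host, model, version) -> list of (host, status)."""
    return [(host, triage(model, version)) for host, model, version in rows]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("pbx-hq", "IPx", "6.61.0040"),
    ("pbx-branch1", "IPx", "6.54.0120"),
    ("pbx-lab", "NCP", "1.24.0250"),
    ("pbx-old", "CCT-1668", "4.12.0003"),
    ("pbx-depot", "CXS-0424", "6.30.0100"),
    ("pbx-unknown", "MAC-6400", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE):
        print(f"{host:12} {status}")
```

An UPGRADE result on CCT-1668, MAC-6400 or CXS-0424 still depends on the hardware supporting the fixed firmware, as the list above notes.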

Evidence notes

Vulnerability disclosed by CERT.PL with CVSS 4.0 scoring. Affected products include NCP, IPx series, CCT-1668, MAC-6400, and CXS-0424 telephone exchanges. CWE-288 (Authentication Bypass Using an Alternate Path or Channel) identified as root cause.

Official resources

2026-05-27