Vulnerabilites related to mitel - 6869i_sip
CVE-2022-29855 (GCVE-0-2022-29855)
Vulnerability from cvelistv5
Published
2022-05-11 19:12
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitel.com/support/security-advisories | x_refsource_MISC | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 | x_refsource_CONFIRM | |
| https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Jun/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"
},
{
"name": "20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have \"undocumented functionality.\" A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T18:07:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"
},
{
"name": "20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have \"undocumented functionality.\" A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitel.com/support/security-advisories",
"refsource": "MISC",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004"
},
{
"name": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021",
"refsource": "MISC",
"url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"
},
{
"name": "20220610 Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/32"
},
{
"name": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29855",
"datePublished": "2022-05-11T19:12:48",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37570 (GCVE-0-2024-37570)
Vulnerability from cvelistv5
Published
2024-06-09 00:00
Modified
2024-10-25 18:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitel:rev00_6868i_:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rev00_6868i_",
"vendor": "mitel",
"versions": [
{
"status": "affected",
"version": "4.5.0.41"
}
]
},
{
"cpes": [
"cpe:2.3:h:mitel:rev03_6869i:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rev03_6869i",
"vendor": "mitel",
"versions": [
{
"status": "affected",
"version": "5.0.0.10.18sp1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T19:44:14.748724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:47:40.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:39.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-09T19:37:49.193642",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware"
},
{
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37570",
"datePublished": "2024-06-09T00:00:00",
"dateReserved": "2024-06-09T00:00:00",
"dateUpdated": "2024-10-25T18:47:40.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37569 (GCVE-0-2024-37569)
Vulnerability from cvelistv5
Published
2024-06-09 00:00
Modified
2024-08-02 03:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mitel:6869i_firmware:4.5.0.41:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6869i_firmware",
"vendor": "mitel",
"versions": [
{
"status": "affected",
"version": "4.5.0.41"
},
{
"status": "affected",
"version": "5.0.0.1018"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37569",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T12:43:09.374978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T12:46:21.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:39.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=I9TQqfP5qzM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-09T19:38:03.567033",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis"
},
{
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py"
},
{
"url": "https://www.youtube.com/watch?v=I9TQqfP5qzM"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37569",
"datePublished": "2024-06-09T00:00:00",
"dateReserved": "2024-06-09T00:00:00",
"dateUpdated": "2024-08-02T03:57:39.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41710 (GCVE-0-2024-41710)
Vulnerability from cvelistv5
Published
2024-08-12 00:00
Modified
2025-07-30 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:mitel:6865i_sip_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mitel:6867i_sip_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mitel:6869i_sip_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mitel:6873i_sip_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mitel:6930_sip_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mitel:6940_sip_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6940_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6905_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6910_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6915_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6920_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6920w_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6930w_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6940w_sip_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitel:6970_conference_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "6970_conference_firmware",
"vendor": "mitel",
"versions": [
{
"lessThanOrEqual": "6.4.0.136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41710",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T04:55:21.238275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:36.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-02-12T00:00:00+00:00",
"value": "CVE-2024-41710 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:43:56.976Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mitel.com/support/security-advisories"
},
{
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md"
},
{
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-41710",
"datePublished": "2024-08-12T00:00:00.000Z",
"dateReserved": "2024-07-22T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:36:36.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-06-09 20:15
Modified
2024-11-21 09:24
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | 6869i_sip_firmware | 4.5.0.41 | |
| mitel | 6869i_sip | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:4.5.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "51590F94-5237-4121-A6F0-C8C25D55FBDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654554ED-253C-4928-92D0-92EADF5F4768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution."
},
{
"lang": "es",
"value": "En dispositivos Mitel 6869i 4.5.0.41, la p\u00e1gina Actualizaci\u00f3n manual de firmware (upgrade.html) no realiza sanitizaci\u00f3n en los par\u00e1metros de nombre de usuario y ruta (enviados por un usuario autenticado) antes de agregar indicadores al comando ftpget de Busybox. Esto lleva a la ejecuci\u00f3n del comando $()."
}
],
"id": "CVE-2024-37570",
"lastModified": "2024-11-21T09:24:05.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-09T20:15:09.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-firmware.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-firmware"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-09 20:15
Modified
2024-11-21 09:24
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | 6869i_sip_firmware | * | |
| mitel | 6869i_sip_firmware | * | |
| mitel | 6869i_sip | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D691F3-B302-475B-9527-09D091318240",
"versionEndIncluding": "4.5.0.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0EC3DA-18DD-48AC-803C-1EB9E8281F9D",
"versionEndIncluding": "5.0.0.1018",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654554ED-253C-4928-92D0-92EADF5F4768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en dispositivos Mitel 6869i hasta 4.5.0.41 y 5.x hasta 5.0.0.1018. Existe una vulnerabilidad de inyecci\u00f3n de comando en el par\u00e1metro de nombre de host tomado por el endpoint provis.html. El endpoint provis.html no realiza ninguna sanitizaci\u00f3n en el par\u00e1metro de nombre de host (enviado por un usuario autenticado), que posteriormente se escribe en el disco. Durante el arranque, el par\u00e1metro de nombre de host se ejecuta como parte de una serie de comandos de shell. Los atacantes pueden lograr la ejecuci\u00f3n remota de c\u00f3digo en el contexto ra\u00edz colocando metacaracteres del shell en el par\u00e1metro de nombre de host."
}
],
"id": "CVE-2024-37569",
"lastModified": "2024-11-21T09:24:05.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-09T20:15:09.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.youtube.com/watch?v=I9TQqfP5qzM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/5.0.0.1018/code/exploit-provis.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kwburns/CVE/tree/main/Mitel/5.0.0.1018#authenticated-remote-command-execution-provis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.youtube.com/watch?v=I9TQqfP5qzM"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-11 20:15
Modified
2024-11-21 06:59
Severity ?
Summary
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7678AC8-4893-4BDD-9554-981AF85BC539",
"versionEndExcluding": "5.1.0.8017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79B6E80D-966B-41E7-A781-92F550C3CBEA",
"versionEndExcluding": "6.1.0.171",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C298A98-C6CE-4AEB-AD9F-FFCFA1E865F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6218C45A-65E9-45F1-AF5C-811E51E5EF76",
"versionEndExcluding": "5.1.0.8017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8E11E6-EC37-4DFB-9934-EEC7660A501C",
"versionEndExcluding": "6.1.0.171",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1837336E-7A1D-414C-B888-56350AF6C32A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607AF439-9645-420A-A18C-F62798DA2E1A",
"versionEndExcluding": "5.1.0.8017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5602A412-65CE-4489-BDCA-AB29B0090BB4",
"versionEndExcluding": "6.1.0.171",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05422EAF-9528-48CE-972C-9DF111F91570",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB793AC-4B34-4F79-8B7A-FD30BE70686C",
"versionEndExcluding": "5.1.0.8017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B9FDAE-DBB6-4247-A7B7-BA57EA4159D7",
"versionEndExcluding": "6.1.0.171",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAFF6ED-44F6-4D3B-99EA-0F8FE58EC34B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82EFCE42-5AFF-469A-B3C0-2C1648738FB9",
"versionEndExcluding": "5.1.0.8017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F11C5CB6-4A4F-4431-831F-2BFB46146938",
"versionEndExcluding": "6.1.0.171",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4942E820-8103-4763-8715-F1301F233B05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0A50DB-183F-447D-8C51-CD1478332413",
"versionEndExcluding": "5.1.0.8017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3441C82-7A63-4FDA-B9BE-54E6AC328592",
"versionEndExcluding": "6.1.0.171",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654554ED-253C-4928-92D0-92EADF5F4768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "121C5EB0-A486-4436-AAA5-F937CE9D6ABE",
"versionEndIncluding": "5.1.0.8016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5688B5-BE5E-4117-AB14-C2F0E23B1410",
"versionEndIncluding": "6.1.0.165",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8084E6D-1382-4785-9D01-0111A04B233A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C235F9-1622-4256-AE68-A58C5F4B7BAB",
"versionEndIncluding": "5.1.0.8016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4D1C46-208E-4D16-9F22-2AFCDEF8C65A",
"versionEndIncluding": "6.1.0.165",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "412A5856-40B0-4633-B0F6-D87D3DB85BE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A077047-BA41-4FF5-8767-CC17EE94AA74",
"versionEndIncluding": "5.1.0.8016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C20941-8A80-40C8-814E-49E11609EE77",
"versionEndIncluding": "6.1.0.165",
"versionStartIncluding": "6.0.0.368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97CB43CD-3B53-4839-9AE4-67024A276305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have \"undocumented functionality.\" A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution."
},
{
"lang": "es",
"value": "Los dispositivos telef\u00f3nicos SIP de las series 6800 y 6900 de Mitel versiones hasta 27-04-2022, presentan una \"funcionalidad no documentada\". Una vulnerabilidad en los tel\u00e9fonos SIP de las series 6800 y 6900 de Mitel, excepto el 6970, versiones 5.1 SP8 (5.1.0.8016) y anteriores, y 6.0 (6.0.0.368) hasta 6.1 HF4 (6.1.0.165), podr\u00eda permitir a un atacante no autenticado con acceso f\u00edsico al tel\u00e9fono conseguir acceso root debido a un control de acceso insuficiente para la funcionalidad test durante el inicio del sistema. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir el acceso a informaci\u00f3n confidencial y una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2022-29855",
"lastModified": "2024-11-21T06:59:49.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T20:15:08.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-12 19:15
Modified
2025-02-18 15:28
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.mitel.com/support/security-advisories | Vendor Advisory | |
| cve@mitre.org | https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | 6970_firmware | * | |
| mitel | 6970 | - | |
| mitel | 6940w_sip_firmware | * | |
| mitel | 6940w_sip | - | |
| mitel | 6930w_sip_firmware | * | |
| mitel | 6930w_sip | - | |
| mitel | 6920w_sip_firmware | * | |
| mitel | 6920w_sip | - | |
| mitel | 6920_sip_firmware | * | |
| mitel | 6920_sip | - | |
| mitel | 6915_sip_firmware | * | |
| mitel | 6915_sip | - | |
| mitel | 6910_sip_firmware | * | |
| mitel | 6910_sip | - | |
| mitel | 6905_sip_firmware | * | |
| mitel | 6905_sip | - | |
| mitel | 6940_sip_firmware | * | |
| mitel | 6940_sip | - | |
| mitel | 6930_sip_firmware | * | |
| mitel | 6930_sip | - | |
| mitel | 6873i_sip_firmware | * | |
| mitel | 6873i_sip | - | |
| mitel | 6869i_sip_firmware | * | |
| mitel | 6869i_sip | - | |
| mitel | 6867i_sip_firmware | * | |
| mitel | 6867i_sip | - | |
| mitel | 6865i_sip_firmware | * | |
| mitel | 6865i_sip | - | |
| mitel | 6863i_sip_firmware | * | |
| mitel | 6863i_sip | - |
{
"cisaActionDue": "2025-03-05",
"cisaExploitAdd": "2025-02-12",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Mitel SIP Phones Argument Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D391B6ED-2FEF-43A3-8ECE-F42B79E1F9CD",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD5BE48-120F-4A09-96C8-1095E04C8D69",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BB4B3A-65F9-4726-938D-71B686BC13E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E36148-4C07-46E4-B99C-FD3D8EBF48F8",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5230BCB-800F-434D-9AAB-A35A7F87D356",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE5CF0D-7BF3-468E-9809-6A1417C6989F",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663416FA-7F4F-45CA-A28F-3FF20214F20B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D8483A-A448-416F-9918-B1D995616553",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8084E6D-1382-4785-9D01-0111A04B233A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A04266DF-3E78-47DB-BAA5-E79FCB38974B",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F279F8-83D8-4EEC-AA99-5EED398653E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91BCABB3-BA8D-41B8-953B-A33C7BFB332C",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "412A5856-40B0-4633-B0F6-D87D3DB85BE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B379EEB-2927-4A36-83A1-E7B4CB88F3E4",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97CB43CD-3B53-4839-9AE4-67024A276305",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3ED2A5-977E-4743-838F-62EE2A7A6837",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05422EAF-9528-48CE-972C-9DF111F91570",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECFE164-B4A2-44DC-B603-EF7C4E6F68F4",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1837336E-7A1D-414C-B888-56350AF6C32A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66B0069E-B089-46B0-B1D7-C560A15FC26E",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C298A98-C6CE-4AEB-AD9F-FFCFA1E865F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4415660E-385F-43DC-9F37-4C06AC7F052F",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654554ED-253C-4928-92D0-92EADF5F4768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "645135A3-362E-4DBB-805C-49A6B21EB4C9",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4942E820-8103-4763-8715-F1301F233B05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91CC349C-AFB9-418F-9425-0038E91EF7BC",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAFF6ED-44F6-4D3B-99EA-0F8FE58EC34B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E7483A-BFB0-4F2A-B5DF-43AD0A308F7B",
"versionEndIncluding": "6.4.0.136",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7C6275-6DA1-4768-A331-5290E8CB64D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en los tel\u00e9fonos SIP Mitel de las series 6800, 6900 y 6900w, incluida la unidad de conferencia 6970, a trav\u00e9s de R6.4.0.HF1 (R6.4.0.136) podr\u00eda permitir que un atacante autenticado con privilegios administrativos lleve a cabo un ataque de inyecci\u00f3n de argumentos, debido a una desinfecci\u00f3n insuficiente de los par\u00e1metros durante el proceso de arranque. Un exploit exitoso podr\u00eda permitir a un atacante ejecutar comandos arbitrarios dentro del contexto del sistema."
}
],
"id": "CVE-2024-41710",
"lastModified": "2025-02-18T15:28:00.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-08-12T19:15:16.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}