Vulnerabilites related to mitel - 6910_firmware
Vulnerability from fkie_nvd
Published
2020-08-26 18:15
Modified
2024-11-21 05:01
Severity ?
Summary
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AE79A3-8F8B-4964-93A0-734C6982AF80",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "60148792-AA6E-4D0E-A919-92CFBDA93427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "580264D3-8677-4C5C-82E2-038C3CE9E321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "714633DB-BF06-4C59-9CE6-01C6C3BE4DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "80ABBFBA-BA41-4163-99D4-1B0341BDFFCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6863_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "EA3EC57A-E03B-44A8-AC15-3FF696EEAA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6863:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8931208E-AE65-4BFA-98C6-9BFC7F17167E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF357FE4-9FF1-4EA8-8C23-80FEA0098079",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B47EF143-7163-494E-839F-24FF05FE0908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9E076FEB-C607-48B1-BA7B-2EAABB4F5E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "6178F195-9543-4D2B-A5BA-2D2CA1B3D1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "373CC71D-10BB-4EB2-858E-31658F8A2FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6865_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C6041B7B-D4BF-4298-AC53-FEC62C468289",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "031C26C6-91DA-4876-B2B3-7F903527D9DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CCE18F-073D-4CB4-81FD-1DCBC3C95EB1",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1A073A3C-4F10-4AB6-A4C6-808C27DCD7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F8D49A0-B21E-4DBF-919A-C859B56A72B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EAFCF656-7180-49AC-BCB4-9C878D808E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8E94FE44-81C7-437E-9079-4F1AB58FC328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6867_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A080097A-3C0D-4CAA-81C5-4AF34DB183ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6867:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA28BDA-2FE9-4D6C-B209-639FFC41BB82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDCC23D8-CDE8-44DA-ACD7-FB0E45F8EEB0",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F9A4026F-B540-41D3-A8D4-ADBA3042DB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DB2CFF02-1DA3-40A7-A8C1-B26EF961B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "137C5C8F-76EA-41BC-A49C-E175B3FFFEBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "0D413BB8-B97D-4729-AB13-B71F102881D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6869_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C47C4102-0361-4891-AE23-1AF8706417CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6869:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E937DB-9C85-4B51-B7C2-AE692C9DB1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A7C4C1-74EB-4438-94B9-9900C9EF4CFE",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2F65438A-A8D3-4B07-A0F4-046F0F373CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "131EA8EB-0F54-4BF5-BDC4-554E9D0A260B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EA7ECE31-AE0F-4168-9FA9-5A5F4D1BDF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D124E8A4-1C96-4D21-8D39-DFBF49D1CB3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6873_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "5B8B4A44-67F2-4199-B66A-DF4DCE9DF697",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A85278-841C-497E-86D5-A9B0C401EC09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2384567-4806-46BD-9317-94D868804794",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5F222056-AFC7-44FA-BB76-CEE9F4139F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B86EAEC7-BFB5-488F-9CEB-27D57F6E7973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E07B64F3-206C-41D1-B0D1-FDA1B458CA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "959BA4C3-1E94-47F6-BB6E-92B44DED9B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6940_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "622145EA-842A-48B8-B6AD-3609A7E707F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3759B6-49DF-44A8-A49E-E2306966B966",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E50A91FB-CBC7-4BC0-B706-521BE23550D8",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "44BF1E96-71A4-4194-8640-93CFA93C6728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7CDEE027-A1CC-4249-85E5-A49F9F3976BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E207BA5E-C5BF-4E9D-B6C7-46963EC04B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "50128192-03BE-4B3F-B137-86CE0F6A0F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "4B3A4E83-8BB3-4110-AA9B-E00A60FD85BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44298B54-C7E3-4047-9919-EE5E94426FC6",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EF8174D1-8F9C-4A37-B81F-C065759ED7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C7907AA2-1574-4DAF-8BD9-B353DAB65ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8E961799-6917-4B11-8C3A-B89319CCF5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3F0EE9B0-D37E-487D-A47C-048AC85E94C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6930_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DFD9DABD-628B-4EAA-884E-87F081F43525",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92940D17-30A8-4F1C-95F7-9D7C922C58D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01DFA7D-2F04-4474-804D-D98103A322E6",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E0BE473D-B722-48D2-B858-1B4519491B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E64AEF5A-5389-4285-B534-03E7B135A321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "21F00CAA-56FD-4651-AEE4-584264BA5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "DC20F25B-34EE-42D2-B477-2225AAD5905D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6920_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "8E6499F7-5DA6-48DB-A1F4-7FD5D02BB416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313C5AC0-5535-4D83-9404-D1EAA38A5FA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9138A81A-A3ED-4A93-8ACB-AE0073E03374",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "27AED609-D33B-4E59-A4FD-85A19EA5FE24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6E31B15B-C8C7-4F0A-AA8A-ABF959C339A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3AD03CB5-F4CD-46A7-A7A7-E208995B8B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6ED4FE3F-7C99-42C5-B11C-84DCD5C306E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "29EDB71D-AC8E-4AA2-B2E3-3F3FB71B1DE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD555D7-9F4C-46A1-B8DD-D60EB0BA6797",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBF6266-6159-45D4-B1CA-250B62772C7F",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "950AA5D9-5E52-4491-B904-0DAF2A2B0D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6AC0F0FE-30C9-4A66-B159-883017426CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF182182-2560-44E0-BE1C-F21CF312344B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "730374AE-685E-4825-9891-39D3D9ECCB15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:5.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "31A1FAF6-21AE-43E7-89F1-910EA7865B79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92F0F9-CC50-4C36-A7E8-751B6C98E8B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
},
{
"lang": "es",
"value": "El componente de la Interfaz de Usuario Web de los Tel\u00e9fonos SIP de la Serie Mitel MiVoice 6800 y 6900 con versiones de firmware anteriores a 5.1.0.SP5, podr\u00eda permitir a un atacante no autenticado exponer informaci\u00f3n confidencial debido a un manejo inapropiado de la memoria durante los intentos fallidos de inicio de sesi\u00f3n"
}
],
"id": "CVE-2020-13617",
"lastModified": "2024-11-21T05:01:36.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T18:15:10.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-08 13:15
Modified
2025-06-18 19:01
Severity ?
Summary
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://syss.de | Not Applicable | |
| cve@mitre.org | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt | Third Party Advisory, Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://syss.de | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt | Third Party Advisory, Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | 6940w_firmware | * | |
| mitel | 6940w | - | |
| mitel | 6930w_firmware | * | |
| mitel | 6930w | - | |
| mitel | 6920w_firmware | * | |
| mitel | 6920w | - | |
| mitel | 6970_firmware | * | |
| mitel | 6970 | - | |
| mitel | 6915_firmware | * | |
| mitel | 6915 | - | |
| mitel | 6910_firmware | * | |
| mitel | 6910 | - | |
| mitel | 6905_firmware | * | |
| mitel | 6905 | - | |
| mitel | openscape_cp710_firmware | * | |
| mitel | openscape_cp710 | - | |
| mitel | openscape_cp410_firmware | * | |
| mitel | openscape_cp410 | - | |
| mitel | openscape_cp210_firmware | * | |
| mitel | openscape_cp210 | - | |
| mitel | openscape_cp110_firmware | * | |
| mitel | openscape_cp110 | - | |
| mitel | openscape_cpx10_firmware | * | |
| mitel | openscape_cpx10 | - | |
| mitel | openscape_dect_firmware | * | |
| mitel | openscape_dect | - | |
| mitel | 700d_dect_firmware | * | |
| mitel | 700d_dect | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8F353A-2954-4FCF-B481-C192FD983206",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90B86603-CC66-49E1-AB63-94A628FA44E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAFE2C1-336F-4B5A-BEF0-EE766508B3A3",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A57C4650-5CA1-4417-9EE7-22D9FDC8124D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB75480D-DE6A-4038-AC3B-622BB5D8F8F8",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71EB8862-6461-428F-8B82-C054C4D2CE5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5288B8BB-678A-4910-BBF4-3E8257AFAE75",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C89C7D-9753-484C-902E-8BB0A28185AE",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12F66268-D7C8-450A-BBFF-33EE09DF4A5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB643C04-00DF-4EF1-8A1E-39BD6800C553",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92F0F9-CC50-4C36-A7E8-751B6C98E8B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C916E4A-39AC-452F-BAD4-4E47CD69F70A",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD555D7-9F4C-46A1-B8DD-D60EB0BA6797",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp710_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1F5EE-FB44-43AD-9D37-CBA8D2155831",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85362640-CB42-40BB-8803-F7D960911327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37C4EA4-5DD1-44FF-A282-7AE88508E6DC",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51303B03-5853-495B-9F7E-C7F530CE57EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9918B1F7-7E82-4D80-9058-A1C4C65009BD",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE489CF3-FAF4-48BE-A548-651C0B2E5CDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDFD4E2-00A5-42A7-940D-FF7C06497C35",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F91E6A0-E42D-4173-9AC9-76DB576A61C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cpx10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B08446-EB47-4B1E-9F44-DD9EA5EC855E",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cpx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2F08B1-A897-41D7-A515-2376A0A7C8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_dect_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA4596E-508B-40DF-98B6-CEFF87019911",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_dect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DDF093-3F48-4789-AD24-49F137B22AE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:700d_dect_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A563B34B-B56B-43A9-AE83-4D792A44792E",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:700d_dect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09BDF12A-9343-4663-8A64-77BCEE5928D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."
},
{
"lang": "es",
"value": "En el firmware 1.10.4.3 de Unify CP IP Phone, se utilizan credenciales d\u00e9biles (una contrase\u00f1a ra\u00edz codificada)."
}
],
"id": "CVE-2024-28066",
"lastModified": "2025-06-18T19:01:05.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-08T13:15:08.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://syss.de"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Exploit"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://syss.de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Exploit"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
},
{
"lang": "en",
"value": "CWE-1391"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2024-28066 (GCVE-0-2024-28066)
Vulnerability from cvelistv5
Published
2024-04-08 00:00
Modified
2024-08-15 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://syss.de"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openscape_desk_phone_ip_35g_firmware",
"vendor": "atos",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "1.10.4.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openscape_desk_phone_ip_35g_eco_firmware",
"vendor": "atos",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "1.10.4.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T17:26:56.257553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:44:40.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T12:44:00.192684",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://syss.de"
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28066",
"datePublished": "2024-04-08T00:00:00",
"dateReserved": "2024-03-01T00:00:00",
"dateUpdated": "2024-08-15T14:44:40.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13617 (GCVE-0-2020-13617)
Vulnerability from cvelistv5
Published
2020-08-26 18:02
Modified
2024-08-04 12:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.mitel.com/support/security-advisories | x_refsource_MISC | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-26T18:02:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mitel.com/support/security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitel.com/support/security-advisories",
"refsource": "MISC",
"url": "https://www.mitel.com/support/security-advisories"
},
{
"name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13617",
"datePublished": "2020-08-26T18:02:00",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}