CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
Argument Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
mitel6970_firmware
𝑥
≤ 6.4.0.136
mitel6940w_sip_firmware
𝑥
≤ 6.4.0.136
mitel6930w_sip_firmware
𝑥
≤ 6.4.0.136
mitel6920w_sip_firmware
𝑥
≤ 6.4.0.136
mitel6920_sip_firmware
𝑥
≤ 6.4.0.136
mitel6915_sip_firmware
𝑥
≤ 6.4.0.136
mitel6910_sip_firmware
𝑥
≤ 6.4.0.136
mitel6905_sip_firmware
𝑥
≤ 6.4.0.136
mitel6940_sip_firmware
𝑥
≤ 6.4.0.136
mitel6930_sip_firmware
𝑥
≤ 6.4.0.136
mitel6873i_sip_firmware
𝑥
≤ 6.4.0.136
mitel6869i_sip_firmware
𝑥
≤ 6.4.0.136
mitel6867i_sip_firmware
𝑥
≤ 6.4.0.136
mitel6865i_sip_firmware
𝑥
≤ 6.4.0.136
mitel6863i_sip_firmware
𝑥
≤ 6.4.0.136
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019