CVE-2024-41710

Published Aug 12, 2024

Last updated 7 days ago

Exploit known CVSS high 7.2

Overview

Description: A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Mitel SIP Phones Argument Injection Vulnerability
Exploit added on: Feb 12, 2025
Exploit action due: Mar 5, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-88
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-88

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D391B6ED-2FEF-43A3-8ECE-F42B79E1F9CD",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BD5BE48-120F-4A09-96C8-1095E04C8D69",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E0BB4B3A-65F9-4726-938D-71B686BC13E1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1E36148-4C07-46E4-B99C-FD3D8EBF48F8",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C5230BCB-800F-434D-9AAB-A35A7F87D356"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DE5CF0D-7BF3-468E-9809-6A1417C6989F",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "663416FA-7F4F-45CA-A28F-3FF20214F20B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1D8483A-A448-416F-9918-B1D995616553",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8084E6D-1382-4785-9D01-0111A04B233A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A04266DF-3E78-47DB-BAA5-E79FCB38974B",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E3F279F8-83D8-4EEC-AA99-5EED398653E8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91BCABB3-BA8D-41B8-953B-A33C7BFB332C",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "412A5856-40B0-4633-B0F6-D87D3DB85BE5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B379EEB-2927-4A36-83A1-E7B4CB88F3E4",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97CB43CD-3B53-4839-9AE4-67024A276305"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A3ED2A5-977E-4743-838F-62EE2A7A6837",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05422EAF-9528-48CE-972C-9DF111F91570"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ECFE164-B4A2-44DC-B603-EF7C4E6F68F4",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1837336E-7A1D-414C-B888-56350AF6C32A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B0069E-B089-46B0-B1D7-C560A15FC26E",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C298A98-C6CE-4AEB-AD9F-FFCFA1E865F6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4415660E-385F-43DC-9F37-4C06AC7F052F",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "654554ED-253C-4928-92D0-92EADF5F4768"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645135A3-362E-4DBB-805C-49A6B21EB4C9",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4942E820-8103-4763-8715-F1301F233B05"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91CC349C-AFB9-418F-9425-0038E91EF7BC",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0AAFF6ED-44F6-4D3B-99EA-0F8FE58EC34B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10E7483A-BFB0-4F2A-B5DF-43AD0A308F7B",
            "versionEndIncluding": "6.4.0.136"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D7C6275-6DA1-4768-A331-5290E8CB64D0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Known exploits

Weaknesses

Social media

Configurations

References