Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Published

2024-08-12T19:15:16.850

Last Modified

2025-02-18T15:28:00.123

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
CWE-88
Type: Secondary
CWE-88

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mitel	6970_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6970	-	No
Operating System	mitel	6940w_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6940w_sip	-	No
Operating System	mitel	6930w_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6930w_sip	-	No
Operating System	mitel	6920w_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6920w_sip	-	No
Operating System	mitel	6920_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6920_sip	-	No
Operating System	mitel	6915_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6915_sip	-	No
Operating System	mitel	6910_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6910_sip	-	No
Operating System	mitel	6905_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6905_sip	-	No
Operating System	mitel	6940_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6940_sip	-	No
Operating System	mitel	6930_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6930_sip	-	No
Operating System	mitel	6873i_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6873i_sip	-	No
Operating System	mitel	6869i_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6869i_sip	-	No
Operating System	mitel	6867i_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6867i_sip	-	No
Operating System	mitel	6865i_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6865i_sip	-	No
Operating System	mitel	6863i_sip_firmware	≤ 6.4.0.136	Yes
Hardware	mitel	6863i_sip	-	No

References

https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md Exploit, Third Party Advisory ([email protected])
https://www.mitel.com/support/security-advisories Vendor Advisory ([email protected])
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 Vendor Advisory ([email protected])