CVE-2024-41710
HIGH
7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,2114
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Other
Potential Impacts:
Execute Unauthorized Code Or Commands
Alter Execution Logic
Read Application Data
Modify Application Data
Applicable Platforms
Languages:
Not Language-Specific, PHP
Operating System
6863I Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6940 Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6940W Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6869I Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6930 Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6867I Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6873I Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6920W Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6905 Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6910 Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6865I Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6915 Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6930W Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6970 Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
6920 Sip Firmware by Mitel
Version Range Affected
To
6.4.0.136
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024…
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-adviso…