CVE-2024-41710
CVE-2024-41710
In short
A flaw in Mitel SIP phones allows an admin user to inject malicious commands during boot by bypassing input checks, potentially running unauthorized code on the device.
Technical detail
Argument injection vulnerability in Mitel 6800/6900/6900w Series phones (up to R6.4.0.HF1) affecting the boot process due to insufficient parameter sanitization. An authenticated attacker with administrative privileges can inject arbitrary arguments to execute system commands with device privileges.
Summary generated and translated by AI from the official description.
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.mdhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710https://www.mitel.com/support/security-advisorieshttps://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019