MEDIUM✓ PATCH🇬🇧 English

CVE-2022-29854

CVSS 6.8v3.1pub. 2022-05-13upd. 2024-11-21

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mitel 6905

    HW
    Mitel
    wszystkie wersje
  • Mitel 6910

    HW
    Mitel
    wszystkie wersje
  • Mitel 6920

    HW
    Mitel
    wszystkie wersje
  • Mitel 6930

    HW
    Mitel
    wszystkie wersje
  • Mitel 6930 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6940

    HW
    Mitel
    wszystkie wersje
  • Mitel 6940 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel Minet Firmware

    OS
    Mitel
    ≤ 1.8.0.12
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-41710HIGH7.2⚠ KEVten sam produkt

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Confere...

CVE-2024-28066HIGH8.8ten sam produkt

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

CVE-2020-27639HIGH8.1ten sam produkt

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could a...

CVE-2020-13617HIGH7.5ten sam produkt

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could all...

CVE-2022-29855MEDIUM6.8ten sam produkt

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerabi...