The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NMitel 6863
HWMitelwszystkie wersjeMitel 6863 Firmware
OSMitel5.1≤ 5.0Mitel 6865
HWMitelwszystkie wersjeMitel 6865 Firmware
OSMitel5.1≤ 5.0Mitel 6867
HWMitelwszystkie wersjeMitel 6867 Firmware
OSMitel5.1≤ 5.0Mitel 6869
HWMitelwszystkie wersjeMitel 6869 Firmware
OSMitel5.1≤ 5.0Mitel 6873
HWMitelwszystkie wersjeMitel 6873 Firmware
OSMitel5.1≤ 5.0Mitel 6905
HWMitelwszystkie wersjeMitel 6905 Firmware
OSMitel5.1≤ 5.0Mitel 6910
HWMitelwszystkie wersjeMitel 6910 Firmware
OSMitel5.1≤ 5.0Mitel 6920
HWMitelwszystkie wersjeMitel 6920 Firmware
OSMitel5.1≤ 5.0Mitel 6930
HWMitelwszystkie wersjeMitel 6930 Firmware
OSMitel5.1≤ 5.0Mitel 6940
HWMitelwszystkie wersjeMitel 6940 Firmware
OSMitel5.1≤ 5.0Mitel 6970
HWMitelwszystkie wersjeMitel 6970 Firmware
OSMitel5.1≤ 5.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2024-41710HIGH7.2⚠ KEVten sam produkt
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Confere...
CVE-2024-28066HIGH8.8ten sam produkt
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
CVE-2022-29854MEDIUM6.8ten sam produkt
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, co...
CVE-2019-18863MEDIUM5.9ten sam produkt
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series pho...
CVE-2024-41713CRITICAL9.1⚠ KEVPL ✓ten sam vendor
Path Traversal w Mitel MiCollab — nieautoryzowany dostęp do danych