HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-41710

CVSS 7.2v3.1pub. 2024-08-12upd. 2025-11-05

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Mitel 6863i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6863i Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6865i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6865i Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6867i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6867i Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6869i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6869i Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6873i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6873i Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6905 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6905 Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6910 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6910 Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6915 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6915 Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6920 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6920 Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6920w Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6920w Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6930 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6930 Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6930w Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6930w Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6940 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6940 Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6940w Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6940w Sip Firmware

    OS
    Mitel
    ≤ 6.4.0.136
  • Mitel 6970

    HW
    Mitel
    wszystkie wersje
  • Mitel 6970 Firmware

    OS
    Mitel
    ≤ 6.4.0.136

CISA KEV — detailsi

Vendori
Mitel
Producti
SIP Phones
Added to KEVi
February 12, 2025
Remediation deadline (US Federal)i
March 5, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 5 marca 2025
CWE
References

Related vulnerabilities

CVE-2024-37570HIGH8.8ten sam produkt

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization ...

CVE-2024-37569HIGH8.8ten sam produkt

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injectio...

CVE-2024-28066HIGH8.8ten sam produkt

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

CVE-2020-27639HIGH8.1ten sam produkt

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could a...

CVE-2020-13617HIGH7.5ten sam produkt

The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could all...