MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2022-29855

CVSS 6.8v3.1pub. 2022-05-11upd. 2024-11-21

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mitel 6865i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6865i Sip Firmware

    OS
    Mitel
    6.0.0.368 – 6.1.0.171 (bez)< 5.1.0.8017
  • Mitel 6867i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6867i Sip Firmware

    OS
    Mitel
    6.0.0.368 – 6.1.0.171 (bez)< 5.1.0.8017
  • Mitel 6869i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6869i Sip Firmware

    OS
    Mitel
    6.0.0.368 – 6.1.0.171 (bez)< 5.1.0.8017
  • Mitel 6873i Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6873i Sip Firmware

    OS
    Mitel
    < 5.1.0.80176.0.0.368 – 6.1.0.171 (bez)
  • Mitel 6905 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6905 Sip Firmware

    OS
    Mitel
    6.0.0.368 – 6.1.0.165≤ 5.1.0.8016
  • Mitel 6910 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6910 Sip Firmware

    OS
    Mitel
    ≤ 5.1.0.80166.0.0.368 – 6.1.0.165
  • Mitel 6920 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6920 Sip Firmware

    OS
    Mitel
    6.0.0.368 – 6.1.0.165≤ 5.1.0.8016
  • Mitel 6930 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6930 Sip Firmware

    OS
    Mitel
    < 5.1.0.80176.0.0.368 – 6.1.0.171 (bez)
  • Mitel 6940 Sip

    HW
    Mitel
    wszystkie wersje
  • Mitel 6940 Sip Firmware

    OS
    Mitel
    < 5.1.0.80176.0.0.368 – 6.1.0.171 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2024-41710HIGH7.2⚠ KEVten sam produkt

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Confere...

CVE-2024-37569HIGH8.8ten sam produkt

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injectio...

CVE-2024-37570HIGH8.8ten sam produkt

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization ...

CVE-2020-27639HIGH8.1ten sam produkt

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could a...

CVE-2022-29854MEDIUM6.8ten sam produkt

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, co...