CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md	Exploit Third Party Advisory
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*

History

18 Feb 2025, 15:28

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.8~~	v2 : unknown v3 : 7.2
References	~~() https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md -~~	() https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md - Exploit, Third Party Advisory
References	~~() https://www.mitel.com/support/security-advisories -~~	() https://www.mitel.com/support/security-advisories - Vendor Advisory
References	~~() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 -~~	() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 - Vendor Advisory
First Time		Mitel 6940w Sip Mitel 6863i Sip Firmware Mitel 6940 Sip Mitel 6920w Sip Mitel 6930 Sip Firmware Mitel 6970 Mitel 6930w Sip Mitel 6915 Sip Mitel 6873i Sip Firmware Mitel 6920w Sip Firmware Mitel 6867i Sip Firmware Mitel 6940w Sip Firmware Mitel 6863i Sip Mitel 6940 Sip Firmware Mitel 6930w Sip Firmware Mitel 6867i Sip Mitel 6910 Sip Mitel Mitel 6930 Sip Mitel 6865i Sip Mitel 6869i Sip Firmware Mitel 6920 Sip Firmware Mitel 6905 Sip Firmware Mitel 6970 Firmware Mitel 6865i Sip Firmware Mitel 6920 Sip Mitel 6873i Sip Mitel 6869i Sip Mitel 6905 Sip Mitel 6910 Sip Firmware Mitel 6915 Sip Firmware
CPE		cpe:2.3:o:mitel:6940_sip_firmware:::::::: cpe:2.3:h:mitel:6867i_sip:-:::::::* cpe:2.3:o:mitel:6905_sip_firmware:::::::: cpe:2.3:h:mitel:6905_sip:-:::::::* cpe:2.3:o:mitel:6867i_sip_firmware:::::::: cpe:2.3:o:mitel:6865i_sip_firmware:::::::: cpe:2.3:o:mitel:6930w_sip_firmware:::::::: cpe:2.3:h:mitel:6930w_sip:-:::::::* cpe:2.3:o:mitel:6920_sip_firmware:::::::: cpe:2.3:h:mitel:6970:-:::::::* cpe:2.3:o:mitel:6920w_sip_firmware:::::::: cpe:2.3:h:mitel:6915_sip:-:::::::* cpe:2.3:h:mitel:6920w_sip:-:::::::* cpe:2.3:o:mitel:6940w_sip_firmware:::::::: cpe:2.3:h:mitel:6869i_sip:-:::::::* cpe:2.3:h:mitel:6940w_sip:-:::::::* cpe:2.3:h:mitel:6910_sip:-:::::::* cpe:2.3:o:mitel:6910_sip_firmware:::::::: cpe:2.3:o:mitel:6869i_sip_firmware:::::::: cpe:2.3:h:mitel:6940_sip:-:::::::* cpe:2.3:h:mitel:6863i_sip:-:::::::* cpe:2.3:o:mitel:6915_sip_firmware:::::::: cpe:2.3:o:mitel:6863i_sip_firmware:::::::: cpe:2.3:h:mitel:6930_sip:-:::::::* cpe:2.3:o:mitel:6873i_sip_firmware:::::::: cpe:2.3:o:mitel:6970_firmware:::::::: cpe:2.3:h:mitel:6920_sip:-:::::::* cpe:2.3:h:mitel:6873i_sip:-:::::::* cpe:2.3:o:mitel:6930_sip_firmware:::::::: cpe:2.3:h:mitel:6865i_sip:-:::::::*

Information

Published : 2024-08-12 19:15

Updated : 2025-02-18 15:28

NVD link : CVE-2024-41710

Mitre link : CVE-2024-41710

CVE.ORG link : CVE-2024-41710

JSON object : View

Products Affected

mitel

6920_sip_firmware
6873i_sip
6940_sip
6869i_sip
6915_sip
6930_sip_firmware
6865i_sip
6920w_sip_firmware
6867i_sip_firmware
6970
6905_sip_firmware
6920_sip
6915_sip_firmware
6865i_sip_firmware
6910_sip_firmware
6910_sip
6970_firmware
6940_sip_firmware
6863i_sip
6930w_sip_firmware
6940w_sip
6940w_sip_firmware
6930w_sip
6873i_sip_firmware
6869i_sip_firmware
6930_sip
6905_sip
6867i_sip
6920w_sip
6863i_sip_firmware

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

7.2 /10