CVE-2022-29854

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVSS v3 6.8 MEDIUM
CVSS v2.0 7.2 HIGH

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/32	Exploit Mailing List Third Party Advisory
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003	Vendor Advisory
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021	Third Party Advisory
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/32	Exploit Mailing List Third Party Advisory
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003	Vendor Advisory
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mitel:minet_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mitel:6905:-:::::::*
	cpe:2.3:h:mitel:6910:-:::::::*
	cpe:2.3:h:mitel:6920:-:::::::*
	cpe:2.3:h:mitel:6930:-:::::::*
	cpe:2.3:h:mitel:6930_sip:-:::::::*
	cpe:2.3:h:mitel:6940:-:::::::*
	cpe:2.3:h:mitel:6940_sip:-:::::::*

History

21 Nov 2024, 06:59

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory
References	~~() https://www.mitel.com/support/security-advisories - Vendor Advisory~~	() https://www.mitel.com/support/security-advisories - Vendor Advisory
References	~~() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 - Vendor Advisory~~	() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 - Vendor Advisory
References	~~() https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory~~	() https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory

20 Jun 2022, 19:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html -

11 Jun 2022, 09:15

Type	Values Removed	Values Added
References		(FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 -

10 Jun 2022, 14:15

Type	Values Removed	Values Added
References		(MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 -

24 May 2022, 17:02

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 -~~	(CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 - Vendor Advisory
References	~~(MISC) https://www.mitel.com/support/security-advisories -~~	(MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.8
CWE		CWE-863
CPE		cpe:2.3:h:mitel:6910:-:::::::* cpe:2.3:h:mitel:6930:-:::::::* cpe:2.3:o:mitel:minet_firmware:::::::: cpe:2.3:h:mitel:6940:-:::::::* cpe:2.3:h:mitel:6920:-:::::::* cpe:2.3:h:mitel:6940_sip:-:::::::* cpe:2.3:h:mitel:6930_sip:-:::::::* cpe:2.3:h:mitel:6905:-:::::::*

13 May 2022, 15:08

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-13 14:15

Updated : 2024-11-21 06:59

NVD link : CVE-2022-29854

Mitre link : CVE-2022-29854

CVE.ORG link : CVE-2022-29854

JSON object : View

Products Affected

mitel

6940_sip
minet_firmware
6910
6940
6930
6905
6930_sip
6920

CWE

CWE-863

Incorrect Authorization

6.8 /10