CVE-2022-29855

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVSS v3 6.8 MEDIUM
CVSS v2.0 7.2 HIGH

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/32	Exploit Mailing List Third Party Advisory
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004	Vendor Advisory
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021	Third Party Advisory
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/32	Exploit Mailing List Third Party Advisory
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004	Vendor Advisory
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:mitel:6873i_sip_firmware::::::::
	cpe:2.3:o:mitel:6873i_sip_firmware::::::::

cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:mitel:6930_sip_firmware::::::::
	cpe:2.3:o:mitel:6930_sip_firmware::::::::

cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:mitel:6940_sip_firmware::::::::
	cpe:2.3:o:mitel:6940_sip_firmware::::::::

cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:mitel:6865i_sip_firmware::::::::
	cpe:2.3:o:mitel:6865i_sip_firmware::::::::

cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:mitel:6867i_sip_firmware::::::::
	cpe:2.3:o:mitel:6867i_sip_firmware::::::::

cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:mitel:6869i_sip_firmware::::::::
	cpe:2.3:o:mitel:6869i_sip_firmware::::::::

cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:mitel:6920_sip_firmware::::::::
	cpe:2.3:o:mitel:6920_sip_firmware::::::::

cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:mitel:6910_sip_firmware::::::::
	cpe:2.3:o:mitel:6910_sip_firmware::::::::

cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:mitel:6905_sip_firmware::::::::
	cpe:2.3:o:mitel:6905_sip_firmware::::::::

cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:59

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory
References	~~() https://www.mitel.com/support/security-advisories - Vendor Advisory~~	() https://www.mitel.com/support/security-advisories - Vendor Advisory
References	~~() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 - Vendor Advisory~~	() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 - Vendor Advisory
References	~~() https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory~~	() https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory

08 Aug 2023, 14:22

Type	Values Removed	Values Added
References	~~(MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 -~~	(MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory
References	~~(MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html -~~	(MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory
CWE	~~CWE-863~~	NVD-CWE-Other

20 Jun 2022, 19:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html -

11 Jun 2022, 09:15

Type	Values Removed	Values Added
References		(FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 -

10 Jun 2022, 14:15

Type	Values Removed	Values Added
References		(MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 -

23 May 2022, 13:58

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 -~~	(CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 - Vendor Advisory
References	~~(MISC) https://www.mitel.com/support/security-advisories -~~	(MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory
CPE		cpe:2.3:o:mitel:6920_sip_firmware:::::::: cpe:2.3:h:mitel:6873i_sip:-:::::::* cpe:2.3:h:mitel:6940_sip:-:::::::* cpe:2.3:h:mitel:6930_sip:-:::::::* cpe:2.3:o:mitel:6865i_sip_firmware:::::::: cpe:2.3:o:mitel:6940_sip_firmware:::::::: cpe:2.3:h:mitel:6865i_sip:-:::::::* cpe:2.3:o:mitel:6873i_sip_firmware:::::::: cpe:2.3:h:mitel:6910_sip:-:::::::* cpe:2.3:h:mitel:6869i_sip:-:::::::* cpe:2.3:o:mitel:6867i_sip_firmware:::::::: cpe:2.3:h:mitel:6867i_sip:-:::::::* cpe:2.3:o:mitel:6869i_sip_firmware:::::::: cpe:2.3:o:mitel:6905_sip_firmware:::::::: cpe:2.3:o:mitel:6910_sip_firmware:::::::: cpe:2.3:o:mitel:6930_sip_firmware:::::::: cpe:2.3:h:mitel:6905_sip:-:::::::* cpe:2.3:h:mitel:6920_sip:-:::::::*
CWE		CWE-863
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.8

11 May 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-11 20:15

Updated : 2024-11-21 06:59

NVD link : CVE-2022-29855

Mitre link : CVE-2022-29855

CVE.ORG link : CVE-2022-29855

JSON object : View

Products Affected

mitel

6940_sip
6873i_sip
6873i_sip_firmware
6869i_sip_firmware
6920_sip
6865i_sip
6905_sip
6910_sip_firmware
6867i_sip
6920_sip_firmware
6905_sip_firmware
6865i_sip_firmware
6869i_sip
6910_sip
6940_sip_firmware
6930_sip_firmware
6930_sip
6867i_sip_firmware

CWE

NVD-CWE-Other

6.8 /10