CVE-2024-41710

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-41710
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md Exploit Third Party Advisory
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*
History

18 Feb 2025, 15:28

Type Values Removed Values Added
CPE cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
First Time Mitel 6863i Sip Firmware
Mitel 6920 Sip
Mitel 6915 Sip
Mitel 6867i Sip
Mitel 6865i Sip Firmware
Mitel 6940w Sip Firmware
Mitel 6930 Sip Firmware
Mitel 6905 Sip
Mitel 6970 Firmware
Mitel 6869i Sip
Mitel 6930w Sip Firmware
Mitel 6940 Sip
Mitel
Mitel 6865i Sip
Mitel 6873i Sip Firmware
Mitel 6930w Sip
Mitel 6930 Sip
Mitel 6863i Sip
Mitel 6869i Sip Firmware
Mitel 6970
Mitel 6920 Sip Firmware
Mitel 6940w Sip
Mitel 6940 Sip Firmware
Mitel 6905 Sip Firmware
Mitel 6867i Sip Firmware
Mitel 6920w Sip Firmware
Mitel 6920w Sip
Mitel 6910 Sip Firmware
Mitel 6910 Sip
Mitel 6873i Sip
Mitel 6915 Sip Firmware
References () https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md - () https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md - Exploit, Third Party Advisory
References () https://www.mitel.com/support/security-advisories - () https://www.mitel.com/support/security-advisories - Vendor Advisory
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : 7.2

14 Aug 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
CWE CWE-88

13 Aug 2024, 17:15

Type Values Removed Values Added
References
  • () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 -

13 Aug 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en los teléfonos SIP Mitel de las series 6800, 6900 y 6900w, incluida la unidad de conferencia 6970, a través de R6.4.0.HF1 (R6.4.0.136) podría permitir que un atacante autenticado con privilegios administrativos lleve a cabo un ataque de inyección de argumentos, debido a una desinfección insuficiente de los parámetros durante el proceso de arranque. Un exploit exitoso podría permitir a un atacante ejecutar comandos arbitrarios dentro del contexto del sistema.

12 Aug 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-12 19:15

Updated : 2025-02-18 15:28

NVD link : CVE-2024-41710

Mitre link : CVE-2024-41710

CVE.ORG link : CVE-2024-41710

JSON object : View

Products Affected

mitel

  • 6865i_sip
  • 6930w_sip_firmware
  • 6930_sip_firmware
  • 6970_firmware
  • 6869i_sip
  • 6920_sip
  • 6869i_sip_firmware
  • 6867i_sip_firmware
  • 6863i_sip
  • 6910_sip
  • 6905_sip
  • 6915_sip
  • 6940_sip_firmware
  • 6920w_sip_firmware
  • 6915_sip_firmware
  • 6905_sip_firmware
  • 6873i_sip
  • 6940_sip
  • 6940w_sip_firmware
  • 6930_sip
  • 6865i_sip_firmware
  • 6867i_sip
  • 6970
  • 6873i_sip_firmware
  • 6920_sip_firmware
  • 6940w_sip
  • 6910_sip_firmware
  • 6920w_sip
  • 6863i_sip_firmware
  • 6930w_sip
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')