ГлавнаяУязвимости → CVE-2024-41710
7.2высокая

CVE-2024-41710

Описание

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Затрагиваемое ПО
Mitel 6970 firmwareMitel 6970Mitel 6940w sip firmwareMitel 6940w sipMitel 6930w sip firmwareMitel 6930w sipMitel 6920w sip firmwareMitel 6920w sipMitel 6920 sip firmwareMitel 6920 sipMitel 6915 sip firmwareMitel 6915 sipMitel 6910 sip firmwareMitel 6910 sipMitel 6905 sip firmwareMitel 6905 sipMitel 6940 sip firmwareMitel 6940 sipMitel 6930 sip firmwareMitel 6930 sipMitel 6873i sip firmwareMitel 6873i sipMitel 6869i sip firmwareMitel 6869i sipMitel 6867i sip firmware
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.mdhttps://www.mitel.com/support/security-advisorieshttps://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710