PromptRiskDBThreat intelligence atlas

CVE-2024-41710 - Mitel SIP Phones

AI Vulnerability Context

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the co...

Overview

A source-backed snapshot of this vulnerability.

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CISA KEVyesWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies0Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

CISA KEVHIGH
CVE ID
CVE-2024-41710
Vendor/project
Mitel
Product
SIP Phones
Vulnerability name
Mitel SIP Phones Argument Injection Vulnerability
Date added
2025-02-12
Due date
2025-03-05
Known ransomware campaign use
Unknown
CVSS v3
7.2
CWE-88

Exploit context

What the vulnerability is about.

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.