Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
| Vendors | Products |
|---|---|
| Mitel | 6865i Sip, 6865i Sip Firmware, 6867i Sip, 6867i Sip Firmware, 6869i Sip, 6869i Sip Firmware, 6873i Sip, 6873i Sip Firmware, 6905 Sip, 6905 Sip Firmware, 6910 Sip, 6910 Sip Firmware, 6920 Sip, 6920 Sip Firmware, 6930 Sip, 6930 Sip Firmware, 6940 Sip, 6940 Sip Firmware |
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2022-34173 | Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-03T06:33:42.841Z
Reserved: 2022-04-27T00:00:00
Link: CVE-2022-29855
No data.
Status : Modified
Published: 2022-05-11T20:15:08.787
Modified: 2024-11-21T06:59:49.933
Link: CVE-2022-29855
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD