Multiple vulnerabilities in Mitel 6800, 6900, 6900w Series SIP Phones and 6970 Conference Unit
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2024-31963 CVE-2024-31967 CVE-2024-31966 CVE-2024-31965 CVE-2024-31964 |
| CWE-ID | CWE-119 CWE-200 CWE-88 CWE-22 CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
6800 Series SIP Phones Hardware solutions / Office equipment, IP-phones, print servers 6900 Series SIP Phones Hardware solutions / Office equipment, IP-phones, print servers 6900w Series SIP Phone Hardware solutions / Office equipment, IP-phones, print servers 6970 Conference Unit Hardware solutions / Office equipment, IP-phones, print servers |
| Vendor | Mitel |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU88835
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31963
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote user can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6800 Series SIP Phones: 6.3 SP3 HF4
6900 Series SIP Phones: 6.3 SP3 HF4
6900w Series SIP Phone: 6.3.3
6970 Conference Unit: 5.1.1 SP8
External linkshttp://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0006
http://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin240006001-v10.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU88841
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31967
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6800 Series SIP Phones: 6.3 SP3 HF4
6900 Series SIP Phones: 6.3 SP3 HF4
6900w Series SIP Phone: 6.3.3
6970 Conference Unit: 5.1.1 SP8
External linkshttp://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0010
http://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin240010001-v10.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Neutralization of Argument Delimiters in a Command
EUVDB-ID: #VU88840
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31966
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromsie the target system.
The vulnerability exists due to an argument injection issue. An attacker with physical access can execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6800 Series SIP Phones: 6.3 SP3 HF4
6900 Series SIP Phones: 6.3 SP3 HF4
6900w Series SIP Phone: 6.3.3
6970 Conference Unit: 5.1.1 SP8
External linkshttp://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0009
http://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin240009001-v10.pdf
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Path traversal
EUVDB-ID: #VU88837
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31965
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versions6800 Series SIP Phones: 6.3 SP3 HF4
6900 Series SIP Phones: 6.3 SP3 HF4
6900w Series SIP Phone: 6.3.3
6970 Conference Unit: 5.1.1 SP8
External linkshttp://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0008
http://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin240008001-v10.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Authentication
EUVDB-ID: #VU88836
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31964
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker can modify SIP phone configuration settings and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versions6800 Series SIP Phones: 6.3 SP3 HF4
6900 Series SIP Phones: 6.3 SP3 HF4
6900w Series SIP Phone: 6.3.3
6970 Conference Unit: 5.1.1 SP8
External linkshttp://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007
http://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin240007001-v10.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
