Improper Authentication in Mitel products - CVE-2024-31964
Published: April 19, 2024
Vulnerability identifier: #VU88836
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-31964
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
6800 Series SIP Phones
6900 Series SIP Phones
6900w Series SIP Phone
6970 Conference Unit
Software vendor:
Mitel
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can modify SIP phone configuration settings and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.