Improper Neutralization of Argument Delimiters in a Command in Mitel products - CVE-2024-31966
Published: April 19, 2024
Vulnerability identifier: #VU88840
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-31966
CWE-ID: CWE-88
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Mitel
Affected software:
6800 Series SIP Phones
6900 Series SIP Phones
6900w Series SIP Phone
6970 Conference Unit
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an argument injection issue. An attacker with physical access can execute arbitrary code on the target system.
How to mitigate CVE-2024-31966
Install updates from the vendor's website.