Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-41710 | Mitel SIP Phones Argument Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation | Comments: Improper input sanitization in the Mitel 6869i SIP Phone, firmware version 6.3.0.1020 can be exploited to obtain root access on the device and execute arbitrary code. |
| CVE-2024-41710 | Mitel SIP Phones Argument Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: Improper input sanitization in the Mitel 6869i SIP Phone, firmware version 6.3.0.1020 can be exploited to obtain root access on the device and execute arbitrary code. |