1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Mitel SIP Phones Argument Injection Vulnerability

Known Exploited Vulnerabilities CVE-2024-41710

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability exploitation_technique T1068 Exploitation for Privilege Escalation
Comments
Improper input sanitization in the Mitel 6869i SIP Phone, firmware version 6.3.0.1020 can be exploited to obtain root access on the device and execute arbitrary code.
References
  1. https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md
CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
Improper input sanitization in the Mitel 6869i SIP Phone, firmware version 6.3.0.1020 can be exploited to obtain root access on the device and execute arbitrary code.
References
  1. https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md