    6 vulnerabilities found for 6970_firmware by mitel

    CVE-2024-41710 (GCVE-0-2024-41710)

    Vulnerability from nvd – Published: 2024-08-12 00:00 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Summary
    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel 6940_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6865i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6867i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6869i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6873i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6930_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6940_sip_firmware:-:*:*:*:*:*:*:*
    mitel 6905_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6910_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6915_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6920_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6920w_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6930w_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6940w_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6970_conference_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6970_conference_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6865i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6867i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6869i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6873i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6930_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6940_sip_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6940_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6905_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6910_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6915_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6920_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6920w_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6930w_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6940w_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6970_conference_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6970_conference_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41710",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T04:55:21.238275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-02-12",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:48.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-02-12T00:00:00.000Z",
                "value": "CVE-2024-41710 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:43:56.976Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41710",
        "datePublished": "2024-08-12T00:00:00.000Z",
        "dateReserved": "2024-07-22T00:00:00.000Z",
        "dateUpdated": "2025-10-21T22:55:48.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28066 (GCVE-0-2024-28066)

    Vulnerability from nvd – Published: 2024-04-08 00:00 – Updated: 2024-08-15 14:44
    VLAI
    Summary
    In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-259 - Use of Hard-coded Password
    • CWE-1391 - Use of Weak Credentials
    Assigner
    Impacted products
    Vendor Product Version
    atos openscape_desk_phone_ip_35g_firmware Affected: 1.10.4.3 , ≤ * (custom)
        cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*
    atos openscape_desk_phone_ip_35g_eco_firmware Affected: 1.10.4.3 , ≤ * (custom)
        cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://syss.de"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openscape_desk_phone_ip_35g_firmware",
                "vendor": "atos",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "1.10.4.3",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openscape_desk_phone_ip_35g_eco_firmware",
                "vendor": "atos",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "1.10.4.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28066",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-08T17:26:56.257553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-259",
                    "description": "CWE-259 Use of Hard-coded Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1391",
                    "description": "CWE-1391 Use of Weak Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T14:44:40.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T12:44:00.192Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://syss.de"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-28066",
        "datePublished": "2024-04-08T00:00:00.000Z",
        "dateReserved": "2024-03-01T00:00:00.000Z",
        "dateUpdated": "2024-08-15T14:44:40.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13617 (GCVE-0-2020-13617)

    Vulnerability from nvd – Published: 2020-08-26 18:02 – Updated: 2024-08-04 12:25
    VLAI
    Summary
    The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2020-06-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:25:16.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-26T18:02:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-13617",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories",
                  "refsource": "MISC",
                  "url": "https://www.mitel.com/support/security-advisories"
                },
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-13617",
        "datePublished": "2020-08-26T18:02:00.000Z",
        "dateReserved": "2020-05-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:25:16.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41710 (GCVE-0-2024-41710)

    Vulnerability from cvelistv5 – Published: 2024-08-12 00:00 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Summary
    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    mitel 6940_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6865i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6867i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6869i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6873i_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6930_sip_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:mitel:6940_sip_firmware:-:*:*:*:*:*:*:*
    mitel 6905_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6910_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6915_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6920_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6920w_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6930w_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6940w_sip_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*
    mitel 6970_conference_firmware Affected: 0 , ≤ 6.4.0.136 (custom)
        cpe:2.3:o:mitel:6970_conference_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6865i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6867i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6869i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6873i_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6930_sip_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:mitel:6940_sip_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6940_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6905_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6910_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6915_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6920_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6920w_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6930w_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6940w_sip_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:mitel:6970_conference_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "6970_conference_firmware",
                "vendor": "mitel",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.0.136",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41710",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T04:55:21.238275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-02-12",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:48.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-02-12T00:00:00.000Z",
                "value": "CVE-2024-41710 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:43:56.976Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "url": "https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md"
            },
            {
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41710",
        "datePublished": "2024-08-12T00:00:00.000Z",
        "dateReserved": "2024-07-22T00:00:00.000Z",
        "dateUpdated": "2025-10-21T22:55:48.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28066 (GCVE-0-2024-28066)

    Vulnerability from cvelistv5 – Published: 2024-04-08 00:00 – Updated: 2024-08-15 14:44
    VLAI
    Summary
    In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-259 - Use of Hard-coded Password
    • CWE-1391 - Use of Weak Credentials
    Assigner
    Impacted products
    Vendor Product Version
    atos openscape_desk_phone_ip_35g_firmware Affected: 1.10.4.3 , ≤ * (custom)
        cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*
    atos openscape_desk_phone_ip_35g_eco_firmware Affected: 1.10.4.3 , ≤ * (custom)
        cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:47.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://syss.de"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openscape_desk_phone_ip_35g_firmware",
                "vendor": "atos",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "1.10.4.3",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:atos:openscape_desk_phone_ip_35g_eco_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openscape_desk_phone_ip_35g_eco_firmware",
                "vendor": "atos",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "1.10.4.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28066",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-08T17:26:56.257553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-259",
                    "description": "CWE-259 Use of Hard-coded Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1391",
                    "description": "CWE-1391 Use of Weak Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T14:44:40.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T12:44:00.192Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://syss.de"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-28066",
        "datePublished": "2024-04-08T00:00:00.000Z",
        "dateReserved": "2024-03-01T00:00:00.000Z",
        "dateUpdated": "2024-08-15T14:44:40.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13617 (GCVE-0-2020-13617)

    Vulnerability from cvelistv5 – Published: 2020-08-26 18:02 – Updated: 2024-08-04 12:25
    VLAI
    Summary
    The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2020-06-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:25:16.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-26T18:02:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mitel.com/support/security-advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-13617",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories",
                  "refsource": "MISC",
                  "url": "https://www.mitel.com/support/security-advisories"
                },
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0007"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-13617",
        "datePublished": "2020-08-26T18:02:00.000Z",
        "dateReserved": "2020-05-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:25:16.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }