A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/Jun/32 | Exploit Mailing List Third Party Advisory |
https://www.mitel.com/support/security-advisories | Vendor Advisory |
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 | Vendor Advisory |
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
29 Oct 2022, 02:45
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory |
20 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 May 2022, 17:02
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 6.8 |
CPE | cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6920:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6930:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6940:-:*:*:*:*:*:*:* cpe:2.3:o:mitel:minet_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:* |
|
CWE | CWE-863 | |
References | (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory | |
References | (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 - Vendor Advisory | |
First Time |
Mitel 6910
Mitel 6940 Mitel 6905 Mitel 6920 Mitel 6930 Mitel Mitel minet Firmware Mitel 6930 Sip Mitel 6940 Sip |
13 May 2022, 15:08
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-13 14:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29854
Mitre link : CVE-2022-29854
CVE.ORG link : CVE-2022-29854
JSON object : View
Products Affected
mitel
- 6920
- 6930
- 6930_sip
- 6940_sip
- 6905
- minet_firmware
- 6910
- 6940
CWE
CWE-863
Incorrect Authorization