Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/Jun/32 | Exploit Mailing List Third Party Advisory |
https://www.mitel.com/support/security-advisories | Vendor Advisory |
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 | Vendor Advisory |
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 | Third Party Advisory |
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
29 Oct 2022, 02:45
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory |
20 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 May 2022, 13:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
First Time | Mitel 6905 Sip Firmware, Mitel 6873i Sip Firmware, Mitel 6867i Sip, Mitel 6940 Sip Firmware, Mitel 6865i Sip, Mitel 6910 Sip Firmware, Mitel 6920 Sip Firmware, Mitel 6940 Sip, Mitel 6869i Sip Firmware, Mitel 6930 Sip Firmware, Mitel 6920 Sip, Mitel 6910 Sip, Mitel 6873i Sip, Mitel 6865i Sip Firmware, Mitel 6867i Sip Firmware, Mitel 6869i Sip, Mitel 6905 Sip, Mitel, Mitel 6930 Sip |
References | (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory | |
References | (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 7.2, v3 : 6.8 |
CPE | cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:* cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:* cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:* cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:* cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:* cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:* cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:* |
11 May 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-11 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29855
Mitre link : CVE-2022-29855
CVE.ORG link : CVE-2022-29855
Products Affected
mitel
- 6905_sip
- 6910_sip_firmware
- 6910_sip
- 6869i_sip
- 6867i_sip_firmware
- 6920_sip_firmware
- 6873i_sip
- 6940_sip
- 6865i_sip_firmware
- 6905_sip_firmware
- 6869i_sip_firmware
- 6930_sip
- 6940_sip_firmware
- 6920_sip
- 6867i_sip
- 6873i_sip_firmware
- 6930_sip_firmware
- 6865i_sip
CWE