CVE-2022-29855

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
Configurations

Configuration 1

AND
OR cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*

Configuration 4

AND
OR cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*

Configuration 5

AND
OR cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*

Configuration 6

AND
OR cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Configuration 7

AND
OR cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*

Configuration 8

AND
OR cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*

Configuration 9

AND
OR cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-863 NVD-CWE-Other

29 Oct 2022, 02:45

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - (MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - (MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 - Exploit, Mailing List, Third Party Advisory

20 Jun 2022, 19:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html -

11 Jun 2022, 09:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/32 -

10 Jun 2022, 14:15

Type Values Removed Values Added
References
  • (MISC) https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 -

23 May 2022, 13:58

Type Values Removed Values Added
CWE CWE-863
First Time Mitel 6905 Sip Firmware
Mitel 6873i Sip Firmware
Mitel 6867i Sip
Mitel 6940 Sip Firmware
Mitel 6865i Sip
Mitel 6910 Sip Firmware
Mitel 6920 Sip Firmware
Mitel 6940 Sip
Mitel 6869i Sip Firmware
Mitel 6930 Sip Firmware
Mitel 6920 Sip
Mitel 6910 Sip
Mitel 6873i Sip
Mitel 6865i Sip Firmware
Mitel 6867i Sip Firmware
Mitel 6869i Sip
Mitel 6905 Sip
Mitel
Mitel 6930 Sip
References (MISC) https://www.mitel.com/support/security-advisories - (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory
References (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 - (CONFIRM) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 - Vendor Advisory
CVSS (removed) v2 : unknown, v3 : unknown
CVSS (added) v2 : 7.2, v3 : 6.8
CPE cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*

11 May 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-11 20:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-29855

Mitre link : CVE-2022-29855

CVE.ORG link : CVE-2022-29855



Products Affected

mitel

  • 6905_sip
  • 6910_sip_firmware
  • 6910_sip
  • 6869i_sip
  • 6867i_sip_firmware
  • 6920_sip_firmware
  • 6873i_sip
  • 6940_sip
  • 6865i_sip_firmware
  • 6905_sip_firmware
  • 6869i_sip_firmware
  • 6930_sip
  • 6940_sip_firmware
  • 6920_sip
  • 6867i_sip
  • 6873i_sip_firmware
  • 6930_sip_firmware
  • 6865i_sip