Vulnerability Description
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
CVSS Score
8.8
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | 6940W Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6940W | - |
| Mitel | 6930W Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6930W | - |
| Mitel | 6920W Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6920W | - |
| Mitel | 6970 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6970 | - |
| Mitel | 6915 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6915 | - |
| Mitel | 6910 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6910 | - |
| Mitel | 6905 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | 6905 | - |
| Mitel | Openscape Cp710 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | Openscape Cp710 | - |
| Mitel | Openscape Cp410 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | Openscape Cp410 | - |
| Mitel | Openscape Cp210 Firmware | >= 1.10.4.3, < 1.11.3.0 |
| Mitel | Openscape Cp210 | - |
Related Weaknesses (CWE)
References
- https://syss.deNot Applicable
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.tExploitThird Party Advisory
- https://syss.deNot Applicable
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.tExploitThird Party Advisory
FAQ
What is CVE-2024-28066?
CVE-2024-28066 is a vulnerability with a CVSS score of 8.8 (HIGH). In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
How severe is CVE-2024-28066?
CVE-2024-28066 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28066?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel 6940W Firmware, Mitel 6940W, Mitel 6930W Firmware, Mitel 6930W, Mitel 6920W Firmware.