1. Home
  2. CVE Database
  3. CVE-2024-31963
MEDIUM · 6.4

CVE-2024-31963

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker t...

Vulnerability Description

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to gain access to sensitive information, modify system configuration or execute arbitrary commands within the context of the system.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2024-31963?

CVE-2024-31963 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker t...

How severe is CVE-2024-31963?

CVE-2024-31963 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-31963?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.