CVE-2024-41710 — HIGH (7.2)

Q: How severe is CVE-2024-41710?

CVE-2024-41710 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41710?

Check the references section above for vendor advisories and patch information. Affected products include: Mitel 6970 Firmware, Mitel 6970, Mitel 6940W Sip Firmware, Mitel 6940W Sip, Mitel 6930W Sip Firmware.

Vulnerability Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mitel	6970 Firmware	<= 6.4.0.136
Mitel	6970	-
Mitel	6940W Sip Firmware	<= 6.4.0.136
Mitel	6940W Sip	-
Mitel	6930W Sip Firmware	<= 6.4.0.136
Mitel	6930W Sip	-
Mitel	6920W Sip Firmware	<= 6.4.0.136
Mitel	6920W Sip	-
Mitel	6920 Sip Firmware	<= 6.4.0.136
Mitel	6920 Sip	-
Mitel	6915 Sip Firmware	<= 6.4.0.136
Mitel	6915 Sip	-
Mitel	6910 Sip Firmware	<= 6.4.0.136
Mitel	6910 Sip	-
Mitel	6905 Sip Firmware	<= 6.4.0.136
Mitel	6905 Sip	-
Mitel	6940 Sip Firmware	<= 6.4.0.136
Mitel	6940 Sip	-
Mitel	6930 Sip Firmware	<= 6.4.0.136
Mitel	6930 Sip	-

Related Weaknesses (CWE)

CWE-88

References

https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.mdExploitThird Party Advisory
https://www.mitel.com/support/security-advisoriesVendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource

FAQ

What is CVE-2024-41710?

CVE-2024-41710 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with admin...

How severe is CVE-2024-41710?

CVE-2024-41710 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41710?

Check the references section above for vendor advisories and patch information. Affected products include: Mitel 6970 Firmware, Mitel 6970, Mitel 6940W Sip Firmware, Mitel 6940W Sip, Mitel 6930W Sip Firmware.