CVE-2024-41710

HIGH CISA KEV EPSS 98.5%
Published Aug 12, 20241y ago · Modified Jun 17, 20262w ago
7.2 CVSS 3.1
High
Find Similar
Published Aug 12, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Feb 12, 2025 1y ago
KEV Due Mar 5, 2025 484d overdue

Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CVSS Details

Base Score
7.2
Exploitability
1.2
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 484d
Added
Feb 12, 2025
Due
Mar 5, 2025

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability
98.5% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available

Weaknesses 1

CWE-88

Affected Products 30

VendorProductVersionRange
mitel6970_firmware* ≤6.4.0.136
mitel6970*any
mitel6940w_sip_firmware* ≤6.4.0.136
mitel6940w_sip*any
mitel6930w_sip_firmware* ≤6.4.0.136
mitel6930w_sip*any
mitel6920w_sip_firmware* ≤6.4.0.136
mitel6920w_sip*any
mitel6920_sip_firmware* ≤6.4.0.136
mitel6920_sip*any
mitel6915_sip_firmware* ≤6.4.0.136
mitel6915_sip*any
mitel6910_sip_firmware* ≤6.4.0.136
mitel6910_sip*any
mitel6905_sip_firmware* ≤6.4.0.136
mitel6905_sip*any
mitel6940_sip_firmware* ≤6.4.0.136
mitel6940_sip*any
mitel6930_sip_firmware* ≤6.4.0.136
mitel6930_sip*any
mitel6873i_sip_firmware* ≤6.4.0.136
mitel6873i_sip*any
mitel6869i_sip_firmware* ≤6.4.0.136
mitel6869i_sip*any
mitel6867i_sip_firmware* ≤6.4.0.136
mitel6867i_sip*any
mitel6865i_sip_firmware* ≤6.4.0.136
mitel6865i_sip*any
mitel6863i_sip_firmware* ≤6.4.0.136
mitel6863i_sip*any

References 4

  • github.com https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md
    ExploitThird Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710
    US Government Resource
  • mitel.com https://www.mitel.com/support/security-advisories
    Vendor Advisory
  • mitel.com https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.