CVE-2024-41710

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 14, 2024
CWE ID 88

Summary

CVE-2024-41710 is a newly discovered vulnerability affecting Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, running on R6.4.0.HF1 (R6.4.0.136). An authenticated attacker with administrative privileges can exploit this issue through argument injection attacks during the boot process, which could result in arbitrary command execution within the system. This vulnerability stems from insufficient parameter sanitization, posing a significant risk to affected Mitel phone models.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share