CVE-2024-41711

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 13, 2024
Updated: Aug 14, 2024
CWE ID 88

Summary

CVE-2024-41711 is a newly identified vulnerability affecting Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit. An unauthenticated attacker with physical access to the phone can take advantage of insufficient parameter sanitization to execute an argument injection attack. Successful exploitation could lead to arbitrary command execution within the phone system. This issue affects versions R6.4.0.HF1 (R6.4.0.136) or prior. Mitel has released patches to address this vulnerability, and users are advised to update their systems as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share