5 matches found
CVE-2022-29855
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 5.1.0.8016 and earlier, and 6.0 6.0.0.368 through 6.1 HF4 6.1.0.165, could allow a unauthenticated...
Mitel 6800/6900 Series SIP Phones Backdoor Access Vulnerability
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP MiNet Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 5.1.0.8016 and earlier, Rel 6.0 6.0.0.368 to 6.1 HF4 6.1.0.165, and MiNet 1.8.0.12...
Mitel 6800/6900 Series SIP Phones Backdoor Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-021 Product: Mitel 6800/6900 Series SIP Phones excluding 6970 Mitel 6900 Series IP MiNet Phones Manufacturer: Mitel Networks Corporation Affected Versions: Rel 5.1 SP8 5.1.0.8016 and earlier Rel 6.0 6.0.0.368 to 6.1 HF4...
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 CVSS score: 6.8, the access control issues wer...
CVE-2022-29855
CVE-2022-29855 affects Mitel 6800/6900 Series SIP phones (excluding 6970) with firmware variants up to 5.1 SP8 and up to 6.1 HF4, where an undocumented test/backdoor functionality during system boot can grant an unauthenticated, physically proximate attacker root access via a boot-time check that...