Unauthorized Access Vulnerability in Mitel 6800 and 6900 Series SIP Phones
CVE-2022-29855

6.8MEDIUM

Key Information:

Vendor

Mitel
Status
6873i Sip Firmware
Vendor
CVE Published:
11 May 2022

What is CVE-2022-29855?

A vulnerability exists in the Mitel 6800 and 6900 Series SIP phones due to undocumented functionality, specifically allowing an unauthenticated attacker, with physical access to the device, to gain root access. This flaw is attributed to inadequate access control mechanisms utilized during system startup for certain test functionalities. If exploited successfully, this vulnerability poses a significant risk as it enables the attacker to access sensitive information and execute arbitrary code, potentially compromising the device’s integrity and security.

References

https://www.mitel.com/support/security-advisories
x_refsource_MISC
https://www.mitel.com/support/security-advisories/mitel-p...
x_refsource_CONFIRM
https://www.syss.de/pentest-blog/undocumented-functionali...
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.