Argument Injection Attack on Mitel SIP Phones
CVE-2024-41710

6.8MEDIUM

Key Information:

Vendor
Mitel
Status
Mitel 6800 Series and 6900 Series SIP Phones
Vendor
CVE Published:
12 August 2024

Badges

πŸ”₯ Trending nowπŸ“ˆ TrendedπŸ“ˆ Score: 3,990πŸ’° RansomwareπŸ‘Ύ Exploit ExistsπŸ“° News Worthy

What is CVE-2024-41710?

CVE-2024-41710 is a vulnerability affecting the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit. These devices are widely used in enterprise telecommunication systems for voice over IP (VoIP) communication. The vulnerability arises from insufficient parameter sanitization during the boot process, permitting an authenticated attacker with administrative privileges to execute an argument injection attack. If successfully exploited, this could compromise the functionality of the devices and lead to unauthorized command execution, posing significant risks to organizations utilizing these telephony systems.

Technical Details

The vulnerability is rooted in the way these SIP phones handle parameters during startup. Attackers who already possess administrative access can manipulate the input parameters due to the lack of adequate validation mechanisms. This flaw potentially allows for the execution of arbitrary commands on the affected systems without proper authorization checks, undermining the integrity and security of the devices.

Potential Impact of CVE-2024-41710

  1. Unauthorized Command Execution: Successful exploitation could enable an attacker to execute arbitrary commands within the system context, leading to further system compromise and malicious activities.

  2. Disruption of Telecommunication Services: By gaining control over telephony systems, attackers could disrupt communication channels, affecting business operations and potentially harming organizational reputation.

  3. Increased Attack Surface: This vulnerability could serve as a foothold for broader attacks, allowing attackers to pivot and compromise other systems within the organization's network, leading to larger scale security breaches.

News Articles

favicon imageThe Hacker News

Threat Intelligence | News & Insights | The Hacker News

Read the latest updates about Threat Intelligence on The Hacker News cybersecurity and information technology publication.

5 hours ago

favicon imageThe Hacker News

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

Aquabot botnet exploits CVE-2024-41710 in Mitel phones, using a public PoC to deploy DDoS malware since January 2025.

6 days ago

favicon imageBleepingComputer

New Aquabotv3 botnet malware targets Mitel command injection flaw

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones.

1 week ago

References

https://www.mitel.com/support/security-advisories
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020...
https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by SecurityWeek

  • Vulnerability published

.