First published: Fri May 13 2022(Updated: )
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel Minet Firmware | <=1.8.0.12 | |
Mitel 6905 | ||
Mitel 6910 | ||
Mitel 6920 | ||
Mitel 6930 | ||
Mitel 6930 Sip | ||
Mitel 6940 | ||
Mitel 6940 Sip |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-29854.
The severity of CVE-2022-29854 is high.
Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, are affected by CVE-2022-29854.
CVE-2022-29854 could allow an unauthenticated attacker with physical access to the phone to gain root access.
Yes, it is recommended to apply the latest firmware update provided by Mitel to mitigate the vulnerability.