7.2

CVE-2022-29855

First published: Wed May 11 2022

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel 6873i SIP | <5.1.0.8017 | |
| Mitel 6873i SIP | >=6.0.0.368 <6.1.0.171 | |
| Mitel 6873i SIP firmware | | |
| Mitel 6930 firmware | <5.1.0.8017 | |
| Mitel 6930 firmware | >=6.0.0.368 <6.1.0.171 | |
| Mitel 6930 SIP firmware | | |
| Mitel 6940 Firmware | <5.1.0.8017 | |
| Mitel 6940 Firmware | >=6.0.0.368 <6.1.0.171 | |
| Mitel 6940w SIP | | |
| Mitel 6865i firmware | <5.1.0.8017 | |
| Mitel 6865i firmware | >=6.0.0.368 <6.1.0.171 | |
| Mitel 6865i SIP firmware | | |
| Mitel 6867i firmware | <5.1.0.8017 | |
| Mitel 6867i firmware | >=6.0.0.368 <6.1.0.171 | |
| Mitel 6867i SIP firmware | | |
| Mitel 6869i SIP Phone | <5.1.0.8017 | |
| Mitel 6869i SIP Phone | >=6.0.0.368 <6.1.0.171 | |
| Mitel 6869i SIP Phone | | |
| Mitel 6920w Sip Firmware | <=5.1.0.8016 | |
| Mitel 6920w Sip Firmware | >=6.0.0.368 <=6.1.0.165 | |
| Mitel 6920 SIP firmware | | |
| Mitel 6910 firmware | <=5.1.0.8016 | |
| Mitel 6910 firmware | >=6.0.0.368 <=6.1.0.165 | |
| Mitel 6910 SIP | | |
| Mitel 6905 SIP firmware | <=5.1.0.8016 | |
| Mitel 6905 SIP firmware | >=6.0.0.368 <=6.1.0.165 | |
| Mitel 6905 SIP | | |
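
To triage a phone inventory against the version ranges listed above, the following added example (not part of the advisory and not Mitel code) applies each model's bounds exactly as the table gives them, including the different upper bounds for the 6905/6910/6920 rows. The inventory rows, the function names and the four result labels are constructed for illustration; it assumes firmware is reported as a four-part dotted version.

```python
import re

# Version bounds transcribed from the advisory's affected-version table.
# Each range is (low, high, high_inclusive); low=None means no lower bound.
EXCLUSIVE = [(None, (5, 1, 0, 8017), False), ((6, 0, 0, 368), (6, 1, 0, 171), False)]
INCLUSIVE = [(None, (5, 1, 0, 8016), True), ((6, 0, 0, 368), (6, 1, 0, 165), True)]
RANGES_BY_MODEL = {
    **dict.fromkeys(["6865", "6867", "6869", "6873", "6930", "6940"], EXCLUSIVE),
    **dict.fromkeys(["6905", "6910", "6920"], INCLUSIVE),
}
EXCLUDED = {"6970"}  # the advisory text excludes the 6970

def parse_version(text):
    """Turn '6.1.0.165' into (6, 1, 0, 165); return None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+){3}", text.strip()):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def triage(model, firmware):
    """Classify one phone as affected / not_affected / excluded / review."""
    m = re.search(r"\b(6[89]\d\d)", model)  # model number without i/w suffix
    if not m:
        return "review"
    number = m.group(1)
    if number in EXCLUDED:
        return "excluded"
    version = parse_version(firmware)
    if number not in RANGES_BY_MODEL or version is None:
        return "review"  # model not in the table, or unparseable version
    for low, high, inclusive in RANGES_BY_MODEL[number]:
        above = low is None or version >= low
        below = version <= high if inclusive else version < high
        if above and below:
            return "affected"
    return "not_affected"

# Constructed inventory rows: (model string, reported firmware version).
INVENTORY = [
    ("Mitel 6869i", "5.1.0.8016"), ("Mitel 6930", "6.1.0.171"),
    ("Mitel 6920w", "6.1.0.165"), ("Mitel 6970", "6.0.0.400"),
    ("Mitel 6867i", "5.1.1.2010"), ("Mitel 6940", "unknown"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:12} {fw:12} {triage(model, fw)}")
```

Rows that come back as `review` (unlisted model or unreadable version string) need a manual check rather than being treated as unaffected.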


Frequently Asked Questions

  • What is CVE-2022-29855?

    CVE-2022-29855 is a vulnerability in Mitel 6800 and 6900 Series SIP phone devices that allows unauthorized access.

  • Which Mitel phone models are affected by CVE-2022-29855?

    Mitel 6800 and 6900 Series SIP phone devices, excluding 6970, are affected by CVE-2022-29855.

  • What is the severity of CVE-2022-29855?

    CVE-2022-29855 has a severity rating of 6.8 (High).

  • How can CVE-2022-29855 be exploited?

    CVE-2022-29855 can be exploited by unauthenticated attackers to gain unauthorized access to Mitel 6800 and 6900 Series SIP phone devices.

  • Are there any references for CVE-2022-29855?

    Yes, you can find more information about CVE-2022-29855 at the following references: [1] [2] [3].
