Exploited
high
7.2
CWE
88 77
Advisory Published
Updated

CVE-2024-41710: Mitel SIP Phones Argument Injection Vulnerability

First published: Mon Aug 12 2024(Updated: )

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Mitel 6800<=R6.4.0.HF1
Mitel SIP Phones<=R6.4.0.HF1
Mitel SIP Phones<=R6.4.0.HF1
Mitel 6970 Conference Unit<=R6.4.0.HF1
Mitel SIP Phones
All of
Mitel 6970 firmware<=6.4.0.136
Mitel 6970 Conference Unit
All of
Mitel 6940w SIP<=6.4.0.136
Mitel 6940w SIP Firmware
All of
Mitel 6930w<=6.4.0.136
Mitel 6930w SIP Firmware
All of
Mitel 6920 SIP Firmware<=6.4.0.136
Mitel 6920w Sip Firmware
All of
Mitel 6920w SIP Firmware<=6.4.0.136
Mitel 6920 SIP Firmware
All of
Mitel 6915 SIP<=6.4.0.136
Mitel 6915 SIP
All of
Mitel 6910 SIP Firmware<=6.4.0.136
Mitel 6910 SIP Firmware
All of
Mitel 6905 SIP firmware<=6.4.0.136
Mitel 6905 SIP
All of
Mitel 6940 Firmware<=6.4.0.136
Mitel 6940w SIP Firmware
All of
Mitel MiVoice 6930 firmware<=6.4.0.136
Mitel 6930 SIP firmware
All of
Mitel 6873i Firmware<=6.4.0.136
Mitel 6873i Firmware
All of
Mitel 6869i SIP Phone<=6.4.0.136
Mitel 6869i SIP Phone
All of
Mitel 6867i SIP Firmware<=6.4.0.136
Mitel 6867i SIP Firmware
All of
Mitel 6865i SIP Firmware<=6.4.0.136
Mitel 6865i SIP firmware
All of
Mitel 6863 Firmware<=6.4.0.136
Mitel 6863i SIP Firmware
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136
All of
<=6.4.0.136

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of CVE-2024-41710?

    CVE-2024-41710 has been rated as a high-risk vulnerability due to the potential for argument injection attacks.

  • How do I fix CVE-2024-41710?

    To remediate CVE-2024-41710, ensure your Mitel 6800 Series, 6900 Series, or 6970 Conference Unit is updated to the latest firmware version beyond R6.4.0.HF1.

  • Who is affected by CVE-2024-41710?

    CVE-2024-41710 affects users of Mitel 6800 Series, 6900 Series, and 6970 Conference Unit SIP Phones up to version R6.4.0.HF1.

  • What type of attack is possible with CVE-2024-41710?

    An authenticated attacker with administrative privileges could conduct an argument injection attack due to insufficient parameter sanitization.

  • What products does CVE-2024-41710 impact?

    CVE-2024-41710 impacts the Mitel 6800 Series, 6900 Series, 6900w Series SIP Phones, and the Mitel 6970 Conference Unit.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203