CVE-2024-41710: Command Injection
First published: Mon Aug 12 2024(Updated: )
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel 6800 | <=R6.4.0.HF1 | |
| Mitel 6900w Series SIP Phones | <=R6.4.0.HF1 | |
| Mitel 6900 Series SIP Phones | <=R6.4.0.HF1 | |
| Mitel 6970 Conference Unit | <=R6.4.0.HF1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md
- https://www.mitel.com/support/security-advisories
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019
- https://www.theregister.com/2025/01/29/ddos_attacks_aquabot_mitel/
- https://www.darkreading.com/endpoint-security/mirai-variant-aquabot-exploits-mitel-phone-flaws
- https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2024-41710?
CVE-2024-41710 has been rated as a high-risk vulnerability due to the potential for argument injection attacks.
How do I fix CVE-2024-41710?
To remediate CVE-2024-41710, ensure your Mitel 6800 Series, 6900 Series, or 6970 Conference Unit is updated to the latest firmware version beyond R6.4.0.HF1.
Who is affected by CVE-2024-41710?
CVE-2024-41710 affects users of Mitel 6800 Series, 6900 Series, and 6970 Conference Unit SIP Phones up to version R6.4.0.HF1.
What type of attack is possible with CVE-2024-41710?
An authenticated attacker with administrative privileges could conduct an argument injection attack due to insufficient parameter sanitization.
What products does CVE-2024-41710 impact?
CVE-2024-41710 impacts the Mitel 6800 Series, 6900 Series, 6900w Series SIP Phones, and the Mitel 6970 Conference Unit.
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- collector/the-register
- source/The Register
- alias/CVE-2024-41710
- alias/CVE-2018-17532
- alias/CVE-2023-26801
- alias/CVE-2022-31137
- alias/CVE-2018-10562
- alias/CVE-2018-10561
- collector/darkreading
- source/Dark Reading
- collector/bleeping-computer
- source/BleepingComputer
- agent/references
- agent/source
- agent/trending
- agent/softwarecombine
- agent/news-ai
- exploited/true
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mitel
- canonical/mitel 6800
- canonical/mitel 6900w series sip phones
- canonical/mitel 6900 series sip phones
- canonical/mitel 6970 conference unit