cbcvebase.
CVE-2022-29855
published 2022-05-11


Priority: P433
CVSS 3.1: 6.8 (medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.74% (49.9th percentile)
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones (excluding the 6970), versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access, because test functionality that runs during system startup is not protected by adequate access control. A successful exploit could allow access to sensitive information and code execution. Note that the vector is AV:P (physical): the attacker must be at the handset, so the practical exposure is phones in unattended or publicly accessible locations.

Affected

18 ranges

Vendor  Product             Version range               Fixed in
mitel   6865i_sip_firmware  < 5.1.0.8017                5.1.0.8017
mitel   6865i_sip_firmware  >= 6.0.0.368, < 6.1.0.171   6.1.0.171
mitel   6867i_sip_firmware  < 5.1.0.8017                5.1.0.8017
mitel   6867i_sip_firmware  >= 6.0.0.368, < 6.1.0.171   6.1.0.171
mitel   6869i_sip_firmware  < 5.1.0.8017                5.1.0.8017
mitel   6869i_sip_firmware  >= 6.0.0.368, < 6.1.0.171   6.1.0.171
mitel   6873i_sip_firmware  < 5.1.0.8017                5.1.0.8017
mitel   6873i_sip_firmware  >= 6.0.0.368, < 6.1.0.171   6.1.0.171
mitel   6905_sip_firmware   <= 5.1.0.8016               (none listed)
mitel   6905_sip_firmware   6.0.0.368 through 6.1.0.165 (none listed)
mitel   6910_sip_firmware   <= 5.1.0.8016               (none listed)
mitel   6910_sip_firmware   6.0.0.368 through 6.1.0.165 (none listed)
mitel   6920_sip_firmware   <= 5.1.0.8016               (none listed)
mitel   6920_sip_firmware   6.0.0.368 through 6.1.0.165 (none listed)
mitel   6930_sip_firmware   < 5.1.0.8017                5.1.0.8017
mitel   6930_sip_firmware   >= 6.0.0.368, < 6.1.0.171   6.1.0.171
mitel   6940_sip_firmware   < 5.1.0.8017                5.1.0.8017
mitel   6940_sip_firmware   >= 6.0.0.368, < 6.1.0.171   6.1.0.171
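The practical question this table answers is "which of our handsets are still exposed?" The following is an added example, not code from the advisory, from Mitel, or from this site: it encodes the two affected ranges above (below 5.1.0.8017, and 6.0.0.368 up to but not including 6.1.0.171) and matches inventory records against them. The rows for the 6905, 6910 and 6920 list no fixed version on this page; the example assumes the same fixed builds apply to them, which is an assumption and should be confirmed against the vendor advisory. The inventory records and the function names `parse_version`, `fixed_version_for` and `scan_inventory` are constructed for illustration.

```python
# Added example: flag Mitel 6800/6900-series SIP firmware versions that fall
# inside the affected ranges listed for CVE-2022-29855. Not vendor code.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Parse a dotted numeric firmware version such as '6.1.0.165' into a
    tuple so that Python's tuple ordering gives a correct numeric compare
    (avoids the classic string-compare bug where '5.1.0.8016' > '5.1.0.8017'
    would be decided on a character basis)."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)


# Affected ranges taken from the table on this page:
# (lower bound inclusive or None, upper bound exclusive, fixed build).
AFFECTED_RANGES = [
    (None, parse_version("5.1.0.8017"), "5.1.0.8017"),
    (parse_version("6.0.0.368"), parse_version("6.1.0.171"), "6.1.0.171"),
]

# Models listed in the table. The 6970 is excluded by the advisory text.
# ASSUMPTION: the 6905/6910/6920, for which the page lists no fixed build,
# are treated as fixed in the same builds as the other models.
AFFECTED_MODELS = {
    "6865i", "6867i", "6869i", "6873i",
    "6905", "6910", "6920", "6930", "6940",
}


def fixed_version_for(model: str, version: str) -> Optional[str]:
    """Return the fixed build if (model, version) is affected, else None."""
    if model not in AFFECTED_MODELS:
        return None
    v = parse_version(version)
    for lower, upper, fixed in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return fixed
    return None


def scan_inventory(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the inventory rows that are still affected, annotated with the
    build they need to be upgraded to."""
    affected = []
    for row in rows:
        fixed = fixed_version_for(row["model"], row["firmware"])
        if fixed is not None:
            affected.append({**row, "fixed_in": fixed})
    return affected


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    {"host": "phone-lobby-01", "model": "6867i", "firmware": "5.1.0.8016"},
    {"host": "phone-lobby-02", "model": "6867i", "firmware": "5.1.0.8017"},
    {"host": "phone-conf-03", "model": "6930", "firmware": "6.1.0.165"},
    {"host": "phone-conf-04", "model": "6930", "firmware": "6.1.0.171"},
    {"host": "phone-exec-05", "model": "6970", "firmware": "6.0.0.368"},
    {"host": "phone-desk-06", "model": "6905", "firmware": "6.0.0.300"},
]

if __name__ == "__main__":
    for row in scan_inventory(SAMPLE_INVENTORY):
        print(f"{row['host']}: {row['model']} {row['firmware']} "
              f"affected, upgrade to {row['fixed_in']}")
```

Two details matter when adapting this to a real inventory: compare versions numerically rather than as strings, and treat a version like "6.0.0.300" as not affected only because the page's lower bound is 6.0.0.368; if your fleet runs 6.0 builds older than that, confirm their status with the vendor rather than trusting the table's lower bound.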

CVSS provenance

NVD, CVSS v3.1: 6.8 MEDIUM, CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.2 HIGH, AV:L/AC:L/Au:N/C:C/I:C/A:C