Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2022-29855

Published: 11/05/2022 Updated: 08/08/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Mitel

Vulnerability Summary

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and previous versions, and 6.0 (6.0.0.368) up to and including 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mitel 6873i_sip_firmware

mitel 6930_sip_firmware

mitel 6940_sip_firmware

mitel 6865i_sip_firmware

mitel 6867i_sip_firmware

mitel 6869i_sip_firmware

mitel 6920_sip_firmware

mitel 6910_sip_firmware

mitel 6905_sip_firmware

Exploits

Exploit DB: Mitel 6800/6900 Series SIP Phones Backdoor Access
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled Affected versions include Rel 51 SP8 (5108016) and earlier, Rel 60 (600368) to 61 HF4 (610165), and MiNet 18012 and earlier ...

References

NVD-CWE-Otherhttps://www.mitel.com/support/security-advisorieshttps://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021http://seclists.org/fulldisclosure/2022/Jun/32http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook