Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-29855
HistoryMay 11, 2022 - 8:15 p.m.

CVE-2022-29855

2022-05-1120:15:08
[email protected]
web.nvd.nist.gov
77
10
mitel
6800 series
6900 series
sip phone
cve-2022-29855
vulnerability
unauthorized access
root access
access control
code execution
nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have “undocumented functionality.” A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

Affected configurations

NVD
Node
mitel6873i_sip_firmwareRange<5.1.0.8017
OR
mitel6873i_sip_firmwareRange6.0.0.3686.1.0.171
AND
mitel6873i_sipMatch-
Node
mitel6930_sip_firmwareRange<5.1.0.8017
OR
mitel6930_sip_firmwareRange6.0.0.3686.1.0.171
AND
mitel6930_sipMatch-
Node
mitel6940_sip_firmwareRange<5.1.0.8017
OR
mitel6940_sip_firmwareRange6.0.0.3686.1.0.171
AND
mitel6940_sipMatch-
Node
mitel6865i_sip_firmwareRange<5.1.0.8017
OR
mitel6865i_sip_firmwareRange6.0.0.3686.1.0.171
AND
mitel6865i_sipMatch-
Node
mitel6867i_sip_firmwareRange<5.1.0.8017
OR
mitel6867i_sip_firmwareRange6.0.0.3686.1.0.171
AND
mitel6867i_sipMatch-
Node
mitel6869i_sip_firmwareRange<5.1.0.8017
OR
mitel6869i_sip_firmwareRange6.0.0.3686.1.0.171
AND
mitel6869i_sipMatch-
Node
mitel6920_sip_firmwareRange5.1.0.8016
OR
mitel6920_sip_firmwareRange6.0.0.3686.1.0.165
AND
mitel6920_sipMatch-
Node
mitel6910_sip_firmwareRange5.1.0.8016
OR
mitel6910_sip_firmwareRange6.0.0.3686.1.0.165
AND
mitel6910_sipMatch-
Node
mitel6905_sip_firmwareRange5.1.0.8016
OR
mitel6905_sip_firmwareRange6.0.0.3686.1.0.165
AND
mitel6905_sipMatch-

Social References

More

Related

nvd 1
prion 1
cvelist 1
packetstorm 1
zdt 1
thn 2
nvd
nvd
CVE-2022-29855
2022-05-11 20:15:08
prion
prion
Improper access control
2022-05-11 20:15:00
cvelist
cvelist
CVE-2022-29855
2022-05-11 19:12:48
packetstorm
packetstorm
Mitel 6800/6900 Series SIP Phones Backdoor Access
2022-06-20 00:00:00
zdt
zdt
Mitel 6800/6900 Series SIP Phones Backdoor Access Vulnerability
2022-06-21 00:00:00
thn
thn
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
2022-06-13 10:55:00
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
2022-06-24 12:58:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON
Related for CVE-2022-29855
nvd1prion1cvelist1packetstorm1zdt1thn2