CVE-2022-29855

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-29855
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 Vendor Advisory
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021
http://seclists.org/fulldisclosure/2022/Jun/32
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*
Information

Published : 2022-05-11 13:15

Updated : 2022-06-20 12:15

NVD link : CVE-2022-29855

Mitre link : CVE-2022-29855

JSON object : View

CWE
CWE-863

Incorrect Authorization

Advertisement

dedicated server usa
Products Affected

mitel

  • 6940_sip_firmware
  • 6873i_sip_firmware
  • 6869i_sip_firmware
  • 6910_sip_firmware
  • 6920_sip_firmware
  • 6867i_sip_firmware
  • 6865i_sip
  • 6930_sip_firmware
  • 6930_sip
  • 6940_sip
  • 6865i_sip_firmware
  • 6910_sip
  • 6920_sip
  • 6905_sip
  • 6873i_sip
  • 6867i_sip
  • 6905_sip_firmware
  • 6869i_sip