CVE-2022-29854
Mitel 6800/6900 Series SIP Phones Backdoor Access
Public Exploits: 2
Exploited in Wild: -
Descriptions
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.
SSVC
- Decision:-
Timeline
- 2022-04-27 CVE Reserved
- 2022-05-13 CVE Published
- 2024-03-01 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-863: Incorrect Authorization
References (5)
URL | Tag | Source |
---|---|---|
https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html | 2024-08-03 | |
http://seclists.org/fulldisclosure/2022/Jun/32 | 2024-08-03 | |

URL | Date | SRC |
---|---|---|
https://www.mitel.com/support/security-advisories | 2022-10-29 | |
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0003 | 2022-10-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6905 | - | - | Safe |
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6910 | - | - | Safe |
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6920 | - | - | Safe |
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6930 | - | - | Safe |
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6930 Sip | - | - | Safe |
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6940 | - | - | Safe |
Mitel | Minet Firmware | <= 1.8.0.12 | - | Affected | in | Mitel | 6940 Sip | - | - | Safe |