CVE-2022-29855
Mitel 6800/6900 Series SIP Phones Backdoor Access
Severity Score
6.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
Los dispositivos telefónicos SIP de las series 6800 y 6900 de Mitel versiones hasta 27-04-2022, presentan una "funcionalidad no documentada". Una vulnerabilidad en los teléfonos SIP de las series 6800 y 6900 de Mitel, excepto el 6970, versiones 5.1 SP8 (5.1.0.8016) y anteriores, y 6.0 (6.0.0.368) hasta 6.1 HF4 (6.1.0.165), podría permitir a un atacante no autenticado con acceso físico al teléfono conseguir acceso root debido a un control de acceso insuficiente para la funcionalidad test durante el inicio del sistema. Una explotación con éxito podría permitir el acceso a información confidencial y una ejecución de código
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-27 CVE Reserved
- 2022-05-11 CVE Published
- 2024-02-28 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://www.syss.de/pentest-blog/undocumented-functionality-backdoor-in-mitel-desk-phones-syss-2022-021 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/167547/Mitel-6800-6900-Series-SIP-Phones-Backdoor-Access.html | 2024-08-03 | |
| http://seclists.org/fulldisclosure/2022/Jun/32 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitel.com/support/security-advisories | 2023-08-08 | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0004 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitel Search vendor "Mitel" | 6873i Sip Firmware Search vendor "Mitel" for product "6873i Sip Firmware" | < 5.1.0.8017 Search vendor "Mitel" for product "6873i Sip Firmware" and version " < 5.1.0.8017" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6873i Sip Search vendor "Mitel" for product "6873i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6873i Sip Firmware Search vendor "Mitel" for product "6873i Sip Firmware" | >= 6.0.0.368 < 6.1.0.171 Search vendor "Mitel" for product "6873i Sip Firmware" and version " >= 6.0.0.368 < 6.1.0.171" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6873i Sip Search vendor "Mitel" for product "6873i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6930 Sip Firmware Search vendor "Mitel" for product "6930 Sip Firmware" | < 5.1.0.8017 Search vendor "Mitel" for product "6930 Sip Firmware" and version " < 5.1.0.8017" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6930 Sip Search vendor "Mitel" for product "6930 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6930 Sip Firmware Search vendor "Mitel" for product "6930 Sip Firmware" | >= 6.0.0.368 < 6.1.0.171 Search vendor "Mitel" for product "6930 Sip Firmware" and version " >= 6.0.0.368 < 6.1.0.171" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6930 Sip Search vendor "Mitel" for product "6930 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6940 Sip Firmware Search vendor "Mitel" for product "6940 Sip Firmware" | < 5.1.0.8017 Search vendor "Mitel" for product "6940 Sip Firmware" and version " < 5.1.0.8017" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6940 Sip Search vendor "Mitel" for product "6940 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6940 Sip Firmware Search vendor "Mitel" for product "6940 Sip Firmware" | >= 6.0.0.368 < 6.1.0.171 Search vendor "Mitel" for product "6940 Sip Firmware" and version " >= 6.0.0.368 < 6.1.0.171" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6940 Sip Search vendor "Mitel" for product "6940 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6865i Sip Firmware Search vendor "Mitel" for product "6865i Sip Firmware" | < 5.1.0.8017 Search vendor "Mitel" for product "6865i Sip Firmware" and version " < 5.1.0.8017" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6865i Sip Search vendor "Mitel" for product "6865i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6865i Sip Firmware Search vendor "Mitel" for product "6865i Sip Firmware" | >= 6.0.0.368 < 6.1.0.171 Search vendor "Mitel" for product "6865i Sip Firmware" and version " >= 6.0.0.368 < 6.1.0.171" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6865i Sip Search vendor "Mitel" for product "6865i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6867i Sip Firmware Search vendor "Mitel" for product "6867i Sip Firmware" | < 5.1.0.8017 Search vendor "Mitel" for product "6867i Sip Firmware" and version " < 5.1.0.8017" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6867i Sip Search vendor "Mitel" for product "6867i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6867i Sip Firmware Search vendor "Mitel" for product "6867i Sip Firmware" | >= 6.0.0.368 < 6.1.0.171 Search vendor "Mitel" for product "6867i Sip Firmware" and version " >= 6.0.0.368 < 6.1.0.171" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6867i Sip Search vendor "Mitel" for product "6867i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6869i Sip Firmware Search vendor "Mitel" for product "6869i Sip Firmware" | < 5.1.0.8017 Search vendor "Mitel" for product "6869i Sip Firmware" and version " < 5.1.0.8017" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6869i Sip Search vendor "Mitel" for product "6869i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6869i Sip Firmware Search vendor "Mitel" for product "6869i Sip Firmware" | >= 6.0.0.368 < 6.1.0.171 Search vendor "Mitel" for product "6869i Sip Firmware" and version " >= 6.0.0.368 < 6.1.0.171" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6869i Sip Search vendor "Mitel" for product "6869i Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6920 Sip Firmware Search vendor "Mitel" for product "6920 Sip Firmware" | <= 5.1.0.8016 Search vendor "Mitel" for product "6920 Sip Firmware" and version " <= 5.1.0.8016" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6920 Sip Search vendor "Mitel" for product "6920 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6920 Sip Firmware Search vendor "Mitel" for product "6920 Sip Firmware" | >= 6.0.0.368 <= 6.1.0.165 Search vendor "Mitel" for product "6920 Sip Firmware" and version " >= 6.0.0.368 <= 6.1.0.165" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6920 Sip Search vendor "Mitel" for product "6920 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6910 Sip Firmware Search vendor "Mitel" for product "6910 Sip Firmware" | <= 5.1.0.8016 Search vendor "Mitel" for product "6910 Sip Firmware" and version " <= 5.1.0.8016" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6910 Sip Search vendor "Mitel" for product "6910 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6910 Sip Firmware Search vendor "Mitel" for product "6910 Sip Firmware" | >= 6.0.0.368 <= 6.1.0.165 Search vendor "Mitel" for product "6910 Sip Firmware" and version " >= 6.0.0.368 <= 6.1.0.165" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6910 Sip Search vendor "Mitel" for product "6910 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6905 Sip Firmware Search vendor "Mitel" for product "6905 Sip Firmware" | <= 5.1.0.8016 Search vendor "Mitel" for product "6905 Sip Firmware" and version " <= 5.1.0.8016" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6905 Sip Search vendor "Mitel" for product "6905 Sip" | - | - |
Safe
|
| Mitel Search vendor "Mitel" | 6905 Sip Firmware Search vendor "Mitel" for product "6905 Sip Firmware" | >= 6.0.0.368 <= 6.1.0.165 Search vendor "Mitel" for product "6905 Sip Firmware" and version " >= 6.0.0.368 <= 6.1.0.165" | - |
Affected
| in | Mitel Search vendor "Mitel" | 6905 Sip Search vendor "Mitel" for product "6905 Sip" | - | - |
Safe
|