MEDIUM SEVERITY
CVE-2024-41710 Mitel · SIP Phones

Mitel SIP Phones Argument Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM
6.8 / 10
Vector Specification
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability
21.14%

Percentile Rank
95.5th

Estimated as more likely to be exploited than 95.5% of known CVEs.

Detection Date

Feb 12, 2025

Remediation Due

Mar 05, 2025

CISA Catalog Active

Threat Analysis

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

External Intelligence