CVE-2022-29854

Name of the Vulnerable Software and Affected Versions Mitel 6900 Series IP phones versions 1.8.0.12 and earlier

Description The issue is related to errors in authorization, allowing an attacker to execute arbitrary code. A successful exploit could allow access to sensitive information and code execution due to insufficient access control for test functionality during system startup. This could enable an unauthenticated attacker with physical access to the phone to gain root access.

Recommendations For versions 1.8.0.12 and earlier, ensure that physical access to the phones is restricted to prevent exploitation. As a temporary workaround, consider disabling test functionality during system startup until a patch is available. Restrict access to sensitive information and ensure that only authorized personnel have physical access to the phones. At the moment, there is no information about a newer version that contains a fix for this vulnerability.