PT-2024-29530 · Mitel · Mitel 6800 Series+2

Denys Vozniuk · Published 2024-08-13 · Updated 2024-08-14 · CVE-2024-41711

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, versions through R6.4.0.HF1 (R6.4.0.136)

Description

A vulnerability in the Mitel SIP Phones could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Recommendations

For versions through R6.4.0.HF1 (R6.4.0.136), consider restricting physical access to the phones to minimize the risk of exploitation. As a temporary workaround, consider disabling any functionality that may be related to the argument injection vulnerability until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Argument Injection

Weakness Enumeration

Related Identifiers

CVE-2024-41711

Affected Products

Mitel 6800 Series
Mitel 6900 Series
Mitel 6970 Conference Unit