CVE-2024-31963

Name of the Vulnerable Software and Affected Versions Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4 Mitel 6900w Series SIP Phone versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8

Description A buffer overflow attack can be conducted by an authenticated attacker due to insufficient bounds checking and input sanitization. This could allow an attacker to gain access to sensitive information, modify system configuration, or execute arbitrary commands within the context of the system. The issue is related to a buffer overflow in memory, which can be exploited by sending specially crafted network requests.

Recommendations For Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue. For Mitel 6900w Series SIP Phone versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue. For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.