PT-2024-3244 · Mitel · Mitel 6800 Series+3

Kevin Joensen · Published 2024-04-17 · Updated 2024-07-03 · CVE-2024-31967

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Mitel 6800 Series versions through 6.3 SP3 HF4
Mitel 6900 Series versions through 6.3 SP3 HF4
Mitel 6900w Series SIP Phone versions through 6.3.3
Mitel 6970 Conference Unit versions through 5.1.1 SP8

Description

The issue is related to insufficient protection of service data, allowing an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.

Recommendations

For Mitel 6800 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900w Series SIP Phone versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue.
For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue.

Fix

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-03473
CVE-2024-31967

Affected Products

Mitel 6800 Series
Mitel 6900 Series
Mitel 6900 Series IP Phones
Mitel 6970 Conference Unit