PT-2024-3245 · Mitel · Mitel 6800 Series +2

Kevin Joensen · Published 2024-04-17 · Updated 2024-07-03 · CVE-2024-31966

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4
Mitel 6900w Series SIP Phone versions through 6.3.3
Mitel 6970 Conference Unit versions through 5.1.1 SP8

Description: A vulnerability allows an authenticated attacker with administrative privileges to conduct an argument injection attack due to insufficient parameter sanitization. This could allow an attacker to access sensitive information, modify system configuration, or execute arbitrary commands.

Recommendations:
For Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900w Series SIP Phone versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue.
For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue.
As a temporary workaround, consider restricting access to administrative privileges to minimize the risk of exploitation.

Fix

Weakness Enumeration: Argument Injection

Related Identifiers:

BDU:2024-03474
CVE-2024-31966

Affected Products:

Mitel 6800 Series
Mitel 6900 Series
Mitel 6970 Conference Unit