PT-2024-3247 · Mitel · Mitel 6800 Series+2
Kevin Joensen
·
Published
2024-04-17
·
Updated
2024-07-03
·
CVE-2024-31964
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mitel 6800 Series versions through 6.3 SP3 HF4
Mitel 6900 Series versions through 6.3 SP3 HF4
Mitel 6900w Series versions through 6.3.3
Mitel 6970 Conference Unit versions through 5.1.1 SP8
Description
The issue is related to an authentication bypass attack due to improper authentication control. This could allow an unauthenticated attacker to modify system configuration settings and potentially cause a denial of service.
Recommendations
For Mitel 6800 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900w Series versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue.
For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue.
Fix
Improper Access Control
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mitel 6800 Series
Mitel 6900 Series
Mitel 6970 Conference Unit