CVE-2024-41710 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-41710

Analyzed

More Info Official Page

Source-cve@mitre.org

View Known Exploited Vulnerability (KEV) details

Published At-12 Aug, 2024 | 19:15

Updated At-05 Nov, 2025 | 19:11

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2025-02-12	2025-03-05	Mitel SIP Phones Argument Injection Vulnerability	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-12

Due Date: 2025-03-05

Vulnerability Name: Mitel SIP Phones Argument Injection Vulnerability

Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.8	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Mitel Networks Corp.

>>6970_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6970>>-

cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6940w_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6930w_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6920w_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6920_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6915_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6910_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6905_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6940_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6930_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6873i_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6869i_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6867i_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6865i_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*

Mitel Networks Corp.

>>6863i_sip_firmware>>Versions up to 6.4.0.136(inclusive)

cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:*

Mitel Networks Corp.

cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-88	Primary	nvd@nist.gov
CWE-88	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-88

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-88

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md	cve@mitre.org	Exploit Third Party Advisory
https://www.mitel.com/support/security-advisories	cve@mitre.org	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019	cve@mitre.org	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710	134c704f-9b21-4f2e-91b3-4a467353bcc0	US Government Resource

Hyperlink: https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.mitel.com/support/security-advisories

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

US Government Resource