CVE-2024-41710 - Mitel SIP Phones Argument Injection Vulnerability

Mitel | SIP Phones

• Date Added:
• 2025-02-12

• Due Date:
• 2025-03-05

Vulnerability Name

Mitel SIP Phones Argument Injection Vulnerability

Description

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710

Latest Security News

Microsoft: Hackers steal emails in device code phishing attacks

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution

This Security Firm's 'Bias' Is Also Its Superpower

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

SonicWall firewall bug leveraged in attacks after PoC exploit release

PirateFi game on Steam caught installing password-stealing malware

Common Alerts

InformationalUsername Hash Found in WebSocket message

LowDeprecated Feature Policy Header Set

HighRemote File Inclusion

LowStrict-Transport-Security Disabled

InformationalInformation Disclosure - Information in Browser localStorage

MediumApplication Error Disclosure via WebSockets

HighServer Side Code Injection - PHP Code Injection

MediumParameter Tampering

HighSource Code Disclosure - /WEB-INF Folder

InformationalStorable and Cacheable Content

Top CVE List

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability

CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-284 Improper Access Control

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor