Mitel Product Security Advisory 22-0004
Mitel Product Security Advisory 22-0004
Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability
Advisory ID: 22-0004
Publish Date: 2022-05-03
Last Updated: 2022-05-03
Revision: 1.0
Summary
An access control vulnerability has been identified in Mitel 6800 Series SIP Phones and 6900 Series SIP phones (excluding the 6970) running SIP firmware. If successfully exploited could allow a malicious actor access to code execution.
Mitel is recommending customers with affected product versions apply the available remediation.
This vulnerability was privately reported to Mitel.
Credit is given to Moritz Abrell of SySS GmbH for highlighting the issue and bringing to our attention.
Affected Products
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| Mitel 6800/6900 Series SIP Phones | Rel 5.1 SP8 and earlier Rel 6.0 to 6.1 HF4 | 22-0004-001 | 2022-05-03 |
The vulnerability impacts all 6800 and 6900 Series SIP phones excluding the 6970 model.
Risk Assessment
The risk of this vulnerability is rated as Medium.
This vulnerability relates to Mitel 6800 Series SIP Phones and 6900 Series SIP Phones firmware (excluding 6970).
Refer to the product Security Bulletin for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued a new release of the affected firmware. Customers are advised to update their 6800 IP and 6900 IP Phones to the latest version.
Customers are advised to review the product Security Bulletin.
For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2022-29855
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2022-05-03 | Initial Version |