CVE-2024-31966
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
Published: May 2, 2024 / Updated: 6mo ago
010
CVSS 6.2EPSS 0.04%Medium
CVE info copied to clipboard
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary commands.
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Timeline
First Article
Feedly found the first article mentioning CVE-2024-31966. See article
May 1, 2024 at 3:13 AM / RTC security
CVSS Estimate
Feedly estimated the CVSS score as HIGH
May 2, 2024 at 3:38 PM
CVE Assignment
NVD published the first details for CVE-2024-31966
May 2, 2024 at 4:15 PM
CVSS
A CVSS base score of 6.2 has been assigned.
Jul 3, 2024 at 2:24 AM / nvd
Affected Systems
Mitel/6970
+null more
Attack Patterns
CAPEC-137: Parameter Injection
+null more
News
CVE-2024-31966
High Severity Description A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands. Read more at https://www.tenable.com/cve/CVE-2024-31966
NA - CVE-2024-31966 - A vulnerability on Mitel 6800 Series and 6900...
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an...
CVE-2024-31966
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary...
CVE-2024-31966
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary commands.
CVE-2024-31966 | Mitel 6800/6900/6970 System Configuration argument injection
A vulnerability was found in Mitel 6800, 6900 and 6970 . It has been declared as critical . Affected by this vulnerability is an unknown functionality of the component System Configuration Handler . The manipulation leads to argument injection. This vulnerability is known as CVE-2024-31966 . The attack can only be done within the local network. There is no exploit available.
See 2 more articles and social media posts