Known Exploited Vulnerability
7.2
HIGH
CVE-2024-41710
Mitel SIP Phones Argument Injection Vulnerability - [Actively Exploited]
Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

INFO

Published Date: Aug. 12, 2024, 7:15 p.m.
Last Modified: Feb. 18, 2025, 3:28 p.m.
Remotely Exploitable: Yes
Impact Score: 5.9
Exploitability Score: 1.2
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description: Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes: https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710

Public PoC/Exploit Available on GitHub

CVE-2024-41710 has 2 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by the CVE-2024-41710 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product
1 Mitel 6873i_sip_firmware
2 Mitel 6930_sip_firmware
3 Mitel 6940_sip_firmware
4 Mitel 6865i_sip_firmware
5 Mitel 6867i_sip_firmware
6 Mitel 6869i_sip_firmware
7 Mitel 6920_sip_firmware
8 Mitel 6910_sip_firmware
9 Mitel 6905_sip_firmware
10 Mitel 6970_firmware
11 Mitel 6869i_sip
12 Mitel 6970
13 Mitel 6873i_sip
14 Mitel 6930_sip
15 Mitel 6940_sip
16 Mitel 6865i_sip
17 Mitel 6867i_sip
18 Mitel 6920_sip
19 Mitel 6910_sip
20 Mitel 6905_sip
21 Mitel 6940w_sip_firmware
22 Mitel 6940w_sip
23 Mitel 6930w_sip_firmware
24 Mitel 6930w_sip
25 Mitel 6920w_sip_firmware
26 Mitel 6920w_sip
27 Mitel 6915_sip_firmware
28 Mitel 6915_sip
29 Mitel 6863i_sip_firmware
30 Mitel 6863i_sip
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-41710.

URL Resource
https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md Exploit Third Party Advisory
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.

cve json rss cgn cisa kev

Python HTML

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at: Feb. 16, 2025, 5:21 p.m. This repo has also been linked to 10 different CVEs.

A repository containing exploit code / zero-day research I've worked on.

Python

Updated: 5 months, 3 weeks ago
0 stars 1 fork 1 watcher
Born at: June 3, 2024, 12:42 a.m. This repo has also been linked to 3 different CVEs.

Results are limited to the first 15 repositories due to potential performance issues.

The following news articles mention the CVE-2024-41710 vulnerability anywhere in the article.

  • TheCyberThrone
PHP Voyager flaws lead to RCE

Three critical vulnerabilities have been disclosed in the open-source PHP package Voyager, a widely used tool for managing Laravel applications. These vulnerabilities, identified as CVE-2024-55417, CV ... Read more

Published Date: Jan 31, 2025 (1 month ago)
  • Krypt3ia
Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest

Date: 1.30.25 Top Headlines Fragmented cybersecurity is costing businesses billions, and putting them at risk Summary: Businesses are losing an average of 5% of their annual revenue simply due to frag ... Read more

Published Date: Jan 30, 2025 (1 month ago)
  • TheCyberThrone
Aquabot Exploits Mitel Flaw CVE-2024-41710

The Aquabot botnet, a sophisticated variant of the Mirai botnet, has been actively exploiting CVE-2024-41710, a high-severity command injection vulnerability in Mitel SIP phones. This detailed analysi ... Read more

Published Date: Jan 30, 2025 (1 month ago)
  • The Hacker News
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

Vulnerability / IoT Security A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into ... Read more

Published Date: Jan 30, 2025 (1 month ago)
  • BleepingComputer
New Aquabotv3 botnet malware targets Mitel command injection flaw

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. The activity was discovered by Akam ... Read more

Published Date: Jan 30, 2025 (1 month ago)
  • Dark Reading
Mirai Variant ‘Aquabot’ Exploits Mitel Device Flaws

Yet another Mirai botnet variant is making the rounds, this time offering distributed denial-of-service (DDoS) as-a-service by exploiting flaws in Mitel SIP ... Read more

Published Date: Jan 29, 2025 (1 month ago)
  • The Register
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet

A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Te ... Read more

Published Date: Jan 29, 2025 (1 month ago)
  • security.nl
Botnet infects Mitel SIP phones and uses them for DDoS attacks

Researchers at internet company Akamai have discovered a botnet that infects Mitel SIP phones and then uses them to carry out DDoS attacks. The Aquabot malware behind the attacks ... Read more

Published Date: Jan 29, 2025 (1 month ago)

The following table lists the changes that have been made to the CVE-2024-41710 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 18, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Added CWE NIST CWE-88
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6863i_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6863i_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6865i_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6865i_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6867i_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6867i_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6869i_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6869i_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6873i_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6873i_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6905_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6905_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6910_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6910_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6915_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6915_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6920_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6920_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6920w_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6920w_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6930_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6930_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6930w_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6930w_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6940_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6940_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6940w_sip_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6940w_sip:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.4.0.136 OR cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*
    Changed Reference Type https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md No Types Assigned https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md Exploit, Third Party Advisory
    Changed Reference Type https://www.mitel.com/support/security-advisories No Types Assigned https://www.mitel.com/support/security-advisories Vendor Advisory
    Changed Reference Type https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 No Types Assigned https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Feb. 13, 2025

    Action Type Old Value New Value
    Added Date Added 2025-02-12
    Added Due Date 2025-03-05
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Mitel SIP Phones Argument Injection Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 14, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-88
    Added CVSS V3.1 CISA-ADP AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by [email protected]

    Aug. 13, 2024

    Action Type Old Value New Value
    Added Reference MITRE https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019 [No types assigned]
  • CVE Received by [email protected]

    Aug. 12, 2024

    Action Type Old Value New Value
    Added Description A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
    Added Reference MITRE https://www.mitel.com/support/security-advisories [No types assigned]
    Added Reference MITRE https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-41710 is associated with the following CWEs:
