IRONSMITHINTEL
HIGHCVSS7.2
|
Actively Exploited
|CISA KEV|CVE-2024-41710|Auth: high — administrative privileges|Reboot: required|Manual only

Mitel SIP Phones Argument Injection Vulnerability

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Published Aug 12, 2024 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, with administrative privileges, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2025-03-05 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Software Vulnerability (CWE-88) (CWE-88) vulnerability in Mitel SIP Phones. A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. Exploitation requires remote network access, low attack complexity, an administrative account, and no user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running 6970 firmware: v ≤ 6.4.0.136; 6940w sip firmware: v ≤ 6.4.0.136; 6930w sip firmware: v ≤ 6.4.0.136; 6920w sip firmware: v ≤ 6.4.0.136; 6920 sip firmware: v ≤ 6.4.0.136; 6915 sip firmware: v ≤ 6.4.0.136; 6910 sip firmware: v ≤ 6.4.0.136; 6905 sip firmware: v ≤ 6.4.0.136; 6940 sip firmware: v ≤ 6.4.0.136; 6930 sip firmware: v ≤ 6.4.0.136; 6873i sip firmware: v ≤ 6.4.0.136; 6869i sip firmware: v ≤ 6.4.0.136; 6867i sip firmware: v ≤ 6.4.0.136; 6865i sip firmware: v ≤ 6.4.0.136; 6863i sip firmware: v ≤ 6.4.0.136
Real-world incidentsWhat we've seen

Active exploitation documented in the wild. Threat-research write-up: https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.md

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

    1
    Vendor advisory: https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-41710
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2024-41710NVDVendor Advisory