CVE-2024-31965

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information.
Configurations

No configuration.

History

03 Jul 2024, 01:55

Type Values Removed Values Added
CWE CWE-20
CWE-22
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.2

03 May 2024, 17:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en los teléfonos SIP Mitel de las series 6800 y 6900, incluida la unidad de conferencia 6970, hasta 6.3 SP3 HF4, permite a un atacante autenticado con privilegios administrativos realizar un ataque de path traversal debido a una validación de entrada insuficiente. Un exploit exitoso podría permitir a un atacante acceder a información confidencial.
Summary (en) A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. (en) A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information.

02 May 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-02 16:15

Updated : 2024-07-03 01:55


NVD link : CVE-2024-31965

Mitre link : CVE-2024-31965

CVE.ORG link : CVE-2024-31965


JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')