Cyber Resilience

CVE-2022-29855

MediumPublic PoC

Published: 11 May 2022

Published
11 May 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0035 58.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-29855 is a medium-severity an unspecified weakness vulnerability in Mitel 6873I Sip Firmware. Its CVSS base score is 6.8 (Medium).

Operationally, ranked in the top 41.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could…

more

allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mitel
6873i sip firmware
≤ 5.1.0.8017 · 6.0.0.368 — 6.1.0.171
mitel
6930 sip firmware
≤ 5.1.0.8017 · 6.0.0.368 — 6.1.0.171
mitel
6940 sip firmware
≤ 5.1.0.8017 · 6.0.0.368 — 6.1.0.171
mitel
6865i sip firmware
≤ 5.1.0.8017 · 6.0.0.368 — 6.1.0.171
mitel
6867i sip firmware
≤ 5.1.0.8017 · 6.0.0.368 — 6.1.0.171
mitel
6869i sip firmware
≤ 5.1.0.8017 · 6.0.0.368 — 6.1.0.171
mitel
6920 sip firmware
≤ 5.1.0.8016 · 6.0.0.368 — 6.1.0.165
mitel
6910 sip firmware
≤ 5.1.0.8016 · 6.0.0.368 — 6.1.0.165
mitel
6905 sip firmware
≤ 5.1.0.8016 · 6.0.0.368 — 6.1.0.165

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References