Cyber Resilience

CVE-2024-41710

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 12 August 2024

Modified: 05 November 2025
KEV Added: 12 February 2025
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1969 (95.6th percentile)
Risk Priority: 46 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-41710 is a high-severity Argument Injection (CWE-88) vulnerability in Mitel 6970 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 4.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-41710 is an argument injection vulnerability caused by insufficient parameter sanitization during the boot process. It affects Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through firmware version R6.4.0.HF1 (R6.4.0.136). The flaw is tracked under CWE-88 and carries a CVSS 3.1 score of 7.2.

An authenticated attacker with administrative privileges can exploit the issue over the network to inject arguments and execute arbitrary commands on the affected phone in the context of the system. Successful exploitation grants full control over the device configuration and operations.

Mitel has published security advisory 24-0019 along with a general support page listing affected products and remediation steps. The vendor recommends applying the latest firmware updates that address the sanitization weakness.

The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming real-world exploitation activity. A public proof-of-concept is available on GitHub, and the EPSS score has remained near 0.20 with only minor fluctuation between its current value of 0.1969 and peak of 0.2157.

Vulnerability details

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

CWE(s): CWE-88
KEV Date Added: 12 February 2025

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1210 Exploitation of Remote Services (tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The vulnerability allows an authenticated administrative attacker to perform argument injection during the boot process, enabling arbitrary command execution in the system context. This facilitates exploitation of remote services (T1210) and exploitation for privilege escalation (T1068).

Affected Assets

Vendor · Product · Affected versions
mitel · 6970 firmware · ≤ 6.4.0.136
mitel · 6940w sip firmware · ≤ 6.4.0.136
mitel · 6930w sip firmware · ≤ 6.4.0.136
mitel · 6920w sip firmware · ≤ 6.4.0.136
mitel · 6920 sip firmware · ≤ 6.4.0.136
mitel · 6915 sip firmware · ≤ 6.4.0.136
mitel · 6910 sip firmware · ≤ 6.4.0.136
mitel · 6905 sip firmware · ≤ 6.4.0.136
mitel · 6940 sip firmware · ≤ 6.4.0.136
mitel · 6930 sip firmware · ≤ 6.4.0.136
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
