CVE-2024-41710 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-08-12

Added to CISA KEV: 2025-02-12 184 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately update Mitel SIP phone firmware to version R6.4.0.HF2 or later
Review administrative access logs for suspicious activity or unauthorized privilege escalation
Implement network segmentation to isolate SIP phones from critical network infrastructure
Audit administrative accounts and implement principle of least privilege
Monitor network traffic from SIP phones for unusual outbound connections
Priority: HIGH due to CISA KEV listing and potential for lateral movement

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-41710 is a security vulnerability affecting various Mitel SIP phone series that can lead to unauthorized command execution with elevated privileges ^[2] ^[1].

Vulnerability Overview

Description: The vulnerability is an argument/command injection flaw caused by insufficient parameter sanitization during the device's boot process ^[2].
Impact: Successful exploitation can allow an attacker to gain root access to the affected device ^[1].
Affected Products: Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, running firmware versions through R6.4.0.HF1 (R6.4.0.136) ^[3] ^[1].

Exploitation Details

Requirements: Exploitation requires the attacker to already have authenticated administrative access to the device ^[2] ^[4].
Proof-of-Concept (PoC): A proof-of-concept exploit has been publicly released by a researcher (Kyle Burns of Packetlabs) on GitHub ^[1].

Threat Landscape

Active Exploitation: While security researchers and organizations like Akamai SIRT have monitored the threat, there is no widespread evidence reported of this vulnerability being used in major ransomware campaigns or targeted attacks in the wild as of the available data ^[1].
Mitigation: Users are advised to check for and apply the latest firmware updates provided by Mitel to address the sanitization flaw. Organizations should ensure that administrative interfaces for these devices are not exposed to untrusted networks to minimize the risk of unauthorized access.

Sources

CVE-2024-41710 - Exploits & Severity - Feedly
Threat Intelligence Report CVE-2024-41710 is a critical command injection vulnerability affecting Mitel 6800, 6900, and 6900w series SIP phones, including the 6970 Conference Unit, which can lead to root access due to an input sanitization flaw. Exploitation of this vulnerability has been demonstrat…
NVD - CVE-2024-41710
Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. ... CVE-2024-41710 Detail. Description. A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including…
CVE-2024-41710 Detail - NVD
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136)…
A vulnerability in the Mitel 6800 Series, 6900 Series
Affected versions.Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability. Attack complexity: More severe for the least complex attacks. Privileges required: More severe if no privileges are required. User interaction: More s…