Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.
Tracked as CVE-2022-29854 and CVE-2022-29855, the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.
"Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user," SySS researcher Matthias Deeg said in a statement shared with The Hacker News.
Specifically, the issue relates to previously unknown functionality present in a shell script in the phones' firmware that's designed to be executed at system boot.
Successful exploitation of the flaws could allow access to sensitive information and code execution.
In December 2021, RedTeam Pentesting revealed two such bugs in Auerswald's VoIP appliances that could be abused to gain full administrative access to the devices.
News URL
https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-13 | CVE-2022-29854 | Incorrect Authorization vulnerability in Mitel Minet Firmware 1.8.0.12. A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. | 6.8 |
2022-05-11 | CVE-2022-29855 | Unspecified vulnerability in Mitel products. Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. | 6.8 |