FKIE_CVE-2024-28066
Vulnerability from fkie_nvd - Published: 2024-04-08 13:15 - Updated: 2025-06-18 19:01
Severity ?
Summary
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://syss.de | Not Applicable | |
| cve@mitre.org | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://syss.de | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitel | 6940w_firmware | * | |
| mitel | 6940w | - | |
| mitel | 6930w_firmware | * | |
| mitel | 6930w | - | |
| mitel | 6920w_firmware | * | |
| mitel | 6920w | - | |
| mitel | 6970_firmware | * | |
| mitel | 6970 | - | |
| mitel | 6915_firmware | * | |
| mitel | 6915 | - | |
| mitel | 6910_firmware | * | |
| mitel | 6910 | - | |
| mitel | 6905_firmware | * | |
| mitel | 6905 | - | |
| mitel | openscape_cp710_firmware | * | |
| mitel | openscape_cp710 | - | |
| mitel | openscape_cp410_firmware | * | |
| mitel | openscape_cp410 | - | |
| mitel | openscape_cp210_firmware | * | |
| mitel | openscape_cp210 | - | |
| mitel | openscape_cp110_firmware | * | |
| mitel | openscape_cp110 | - | |
| mitel | openscape_cpx10_firmware | * | |
| mitel | openscape_cpx10 | - | |
| mitel | openscape_dect_firmware | * | |
| mitel | openscape_dect | - | |
| mitel | 700d_dect_firmware | * | |
| mitel | 700d_dect | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6940w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8F353A-2954-4FCF-B481-C192FD983206",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6940w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90B86603-CC66-49E1-AB63-94A628FA44E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6930w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAFE2C1-336F-4B5A-BEF0-EE766508B3A3",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6930w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A57C4650-5CA1-4417-9EE7-22D9FDC8124D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6920w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB75480D-DE6A-4038-AC3B-622BB5D8F8F8",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6920w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71EB8862-6461-428F-8B82-C054C4D2CE5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5288B8BB-678A-4910-BBF4-3E8257AFAE75",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "651C4A02-AE83-4D6E-B49F-D756DF8032F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C89C7D-9753-484C-902E-8BB0A28185AE",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12F66268-D7C8-450A-BBFF-33EE09DF4A5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB643C04-00DF-4EF1-8A1E-39BD6800C553",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92F0F9-CC50-4C36-A7E8-751B6C98E8B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C916E4A-39AC-452F-BAD4-4E47CD69F70A",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD555D7-9F4C-46A1-B8DD-D60EB0BA6797",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp710_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53B1F5EE-FB44-43AD-9D37-CBA8D2155831",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85362640-CB42-40BB-8803-F7D960911327",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37C4EA4-5DD1-44FF-A282-7AE88508E6DC",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51303B03-5853-495B-9F7E-C7F530CE57EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9918B1F7-7E82-4D80-9058-A1C4C65009BD",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE489CF3-FAF4-48BE-A548-651C0B2E5CDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cp110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDFD4E2-00A5-42A7-940D-FF7C06497C35",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cp110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F91E6A0-E42D-4173-9AC9-76DB576A61C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_cpx10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B08446-EB47-4B1E-9F44-DD9EA5EC855E",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_cpx10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2F08B1-A897-41D7-A515-2376A0A7C8EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:openscape_dect_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA4596E-508B-40DF-98B6-CEFF87019911",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:openscape_dect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DDF093-3F48-4789-AD24-49F137B22AE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mitel:700d_dect_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A563B34B-B56B-43A9-AE83-4D792A44792E",
"versionEndExcluding": "1.11.3.0",
"versionStartIncluding": "1.10.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mitel:700d_dect:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09BDF12A-9343-4663-8A64-77BCEE5928D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password)."
},
{
"lang": "es",
"value": "En el firmware 1.10.4.3 de Unify CP IP Phone, se utilizan credenciales d\u00e9biles (una contrase\u00f1a ra\u00edz codificada)."
}
],
"id": "CVE-2024-28066",
"lastModified": "2025-06-18T19:01:05.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-08T13:15:08.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://syss.de"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://syss.de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
},
{
"lang": "en",
"value": "CWE-1391"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…