CyberSecurity news
FlagThis - #mitel
|
@cyberpress.org
//
Critical security vulnerabilities have been discovered in Mitel SIP phones, potentially exposing enterprise communication systems to unauthorized access and control. The flaws impact widely deployed models, including the 6800, 6900, and 6900w Series, as well as the 6970 Conference Unit. These vulnerabilities include a command injection flaw (CVE-2025-47188) and an unauthenticated file upload vulnerability (CVE-2025-47187). Mitel has issued a security advisory, MISA-2025-0004, urging users to update their devices immediately.
Mitel's critical command injection vulnerability (CVE-2025-47188) allows unauthenticated attackers with network access to execute arbitrary commands on affected phones. The flaw stems from insufficient sanitization of parameters within the device’s web management interface. With a CVSS score of 9.8, exploitation of this vulnerability could grant attackers control over the device, enabling them to exfiltrate sensitive data, alter system settings, and disrupt operations. This could also allow attackers to use the compromised device as a foothold to pivot deeper into enterprise networks. The affected devices are Mitel 6800, 6900, and 6900w Series SIP Phones, and the 6970 Conference Unit running firmware version R6.4.0.SP4 or earlier. Mitel recommends upgrading to firmware version R6.4.0.SP5 or newer releases to mitigate these risks. While Mitel suggests keeping SIP phones on protected internal networks, organizations with expansive and poorly segmented networks remain at heightened risk.
Share:
References :
Classification:
|