CVE-2024-28066 - Vulnerability Details

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitel	6905 6905 Firmware 6910 6910 Firmware 6915 6915 Firmware 6920w 6920w Firmware 6930w 6930w Firmware 6940w 6940w Firmware 6970 6970 Firmware 700d Dect 700d Dect Firmware Openscape Cp110 Openscape Cp110 Firmware Openscape Cp210 Openscape Cp210 Firmware Openscape Cp410 Openscape Cp410 Firmware Openscape Cp710 Openscape Cp710 Firmware Openscape Cpx10 Openscape Cpx10 Firmware Openscape Dect Openscape Dect Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mitel:6940w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6940w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitel:6930w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6930w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitel:6920w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6920w:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitel:6915_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6915:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitel:openscape_cp710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp710:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitel:openscape_cp410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp410:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitel:openscape_cp210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp210:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitel:openscape_cp110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp110:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitel:openscape_cpx10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cpx10:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitel:openscape_dect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_dect:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitel:700d_dect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:700d_dect:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://syss.de
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt

History

Wed, 18 Jun 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mitel Mitel 6905 Mitel 6905 Firmware Mitel 6910 Mitel 6910 Firmware Mitel 6915 Mitel 6915 Firmware Mitel 6920w Mitel 6920w Firmware Mitel 6930w Mitel 6930w Firmware Mitel 6940w Mitel 6940w Firmware Mitel 6970 Mitel 6970 Firmware Mitel 700d Dect Mitel 700d Dect Firmware Mitel openscape Cp110 Mitel openscape Cp110 Firmware Mitel openscape Cp210 Mitel openscape Cp210 Firmware Mitel openscape Cp410 Mitel openscape Cp410 Firmware Mitel openscape Cp710 Mitel openscape Cp710 Firmware Mitel openscape Cpx10 Mitel openscape Cpx10 Firmware Mitel openscape Dect Mitel openscape Dect Firmware
CPEs		cpe:2.3:h:mitel:6905:-:::::::* cpe:2.3:h:mitel:6910:-:::::::* cpe:2.3:h:mitel:6915:-:::::::* cpe:2.3:h:mitel:6920w:-:::::::* cpe:2.3:h:mitel:6930w:-:::::::* cpe:2.3:h:mitel:6940w:-:::::::* cpe:2.3:h:mitel:6970:-:::::::* cpe:2.3:h:mitel:700d_dect:-:::::::* cpe:2.3:h:mitel:openscape_cp110:-:::::::* cpe:2.3:h:mitel:openscape_cp210:-:::::::* cpe:2.3:h:mitel:openscape_cp410:-:::::::* cpe:2.3:h:mitel:openscape_cp710:-:::::::* cpe:2.3:h:mitel:openscape_cpx10:-:::::::* cpe:2.3:h:mitel:openscape_dect:-:::::::* cpe:2.3:o:mitel:6905_firmware:::::::: cpe:2.3:o:mitel:6910_firmware:::::::: cpe:2.3:o:mitel:6915_firmware:::::::: cpe:2.3:o:mitel:6920w_firmware:::::::: cpe:2.3:o:mitel:6930w_firmware:::::::: cpe:2.3:o:mitel:6940w_firmware:::::::: cpe:2.3:o:mitel:6970_firmware:::::::: cpe:2.3:o:mitel:700d_dect_firmware:::::::: cpe:2.3:o:mitel:openscape_cp110_firmware:::::::: cpe:2.3:o:mitel:openscape_cp210_firmware:::::::: cpe:2.3:o:mitel:openscape_cp410_firmware:::::::: cpe:2.3:o:mitel:openscape_cp710_firmware:::::::: cpe:2.3:o:mitel:openscape_cpx10_firmware:::::::: cpe:2.3:o:mitel:openscape_dect_firmware::::::::
Vendors & Products		Mitel Mitel 6905 Mitel 6905 Firmware Mitel 6910 Mitel 6910 Firmware Mitel 6915 Mitel 6915 Firmware Mitel 6920w Mitel 6920w Firmware Mitel 6930w Mitel 6930w Firmware Mitel 6940w Mitel 6940w Firmware Mitel 6970 Mitel 6970 Firmware Mitel 700d Dect Mitel 700d Dect Firmware Mitel openscape Cp110 Mitel openscape Cp110 Firmware Mitel openscape Cp210 Mitel openscape Cp210 Firmware Mitel openscape Cp410 Mitel openscape Cp410 Firmware Mitel openscape Cp710 Mitel openscape Cp710 Firmware Mitel openscape Cpx10 Mitel openscape Cpx10 Firmware Mitel openscape Dect Mitel openscape Dect Firmware

Thu, 15 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1391 CWE-259
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-08T00:00:00

Updated: 2024-08-15T14:44:40.826Z

Reserved: 2024-03-01T00:00:00

Link: CVE-2024-28066

Vulnrichment

Updated: 2024-08-02T00:48:47.824Z

NVD

Status : Analyzed

Published: 2024-04-08T13:15:08.247

Modified: 2025-06-18T19:01:05.617

Link: CVE-2024-28066

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object