CVE-2024-28066

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28066
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://syss.de Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt Third Party Advisory Exploit
https://syss.de Not Applicable
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt Third Party Advisory Exploit
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitel:6940w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6940w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitel:6930w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6930w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mitel:6920w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6920w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mitel:6915_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6915:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:mitel:openscape_cp710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:openscape_cp710:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:mitel:openscape_cp410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:openscape_cp410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:mitel:openscape_cp210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:openscape_cp210:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:mitel:openscape_cp110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:openscape_cp110:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:mitel:openscape_cpx10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:openscape_cpx10:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:mitel:openscape_dect_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:openscape_dect:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:mitel:700d_dect_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitel:700d_dect:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-04-08 13:15

Updated : 2025-06-18 19:01

NVD link : CVE-2024-28066

Mitre link : CVE-2024-28066

CVE.ORG link : CVE-2024-28066

JSON object : View

Products Affected

mitel

  • 6970
  • 6930w_firmware
  • 6940w_firmware
  • 700d_dect_firmware
  • 6915_firmware
  • 6940w
  • 6920w
  • openscape_cp410
  • 6930w
  • openscape_dect_firmware
  • 6920w_firmware
  • 700d_dect
  • openscape_cp410_firmware
  • 6905
  • openscape_cp110
  • 6915
  • openscape_cpx10_firmware
  • openscape_dect
  • openscape_cp210_firmware
  • 6970_firmware
  • openscape_cpx10
  • 6910_firmware
  • 6910
  • openscape_cp110_firmware
  • openscape_cp710_firmware
  • 6905_firmware
  • openscape_cp710
  • openscape_cp210
CWE
CWE-259

Use of Hard-coded Password

CWE-1391

Use of Weak Credentials