Cybersecurity researchers have disclosed particulars of two medium-security flaws in Mitel 6800/6900 desk phones that, if correctly exploited, could enable an attacker to attain root privileges on the products.
Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues had been identified by German penetration screening firm SySS, adhering to which patches had been delivered in May 2022.
“Due to this undocumented backdoor, an attacker with bodily entry to a susceptible desk phone can gain root accessibility by urgent certain keys on procedure boot, and then link to a furnished Telnet services as root consumer,” SySS researcher Matthias Deeg reported in a statement shared with The Hacker Information.
Specifically, the issue relates to a formerly not known features existing in a shell script (“check_mft.sh”) in the phones’ firmware that’s built to be executed at procedure boot.
“The check out_mft.sh checks if the ‘*’ and the ‘#’ keys are pressed and held concurrently at technique startup,” the scientists explained. “Soon after that, the static IP address 10.30.102[.]102 and a static root password is set and a telnet services is begun.”
Effective exploitation of the flaws could let access to delicate information and facts and code execution. The vulnerabilities affect 6800 and 6900 Series SIP telephones, excluding the 6970 model.
Users of the influenced models are proposed to update to the most up-to-date firmware variation to mitigate any possible risk arising out of exploiting the privilege escalation attack.
This is not the first time this kind of backdoor capabilities have been identified in telecommunications-connected firmware. In December 2021, RedTeam Pentesting unveiled two such bugs in Auerswald’s VoIP appliances that could be abused to achieve complete administrative entry to the devices.
Located this article exciting? Stick to THN on Fb, Twitter and LinkedIn to examine much more exclusive material we post.
Some pieces of this posting are sourced from: