Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.
Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were identified by German penetration testing firm SySS, following which patches were released in May 2022.
“Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user,” SySS researcher Matthias Deeg said in a statement shared with The Hacker News.
Specifically, the issue relates to previously unknown functionality present in a shell script (“check_mft.sh”) in the phones’ firmware that’s designed to be executed at system boot.
“The check_mft.sh checks if the ‘*’ and the ‘#’ keys are pressed and held simultaneously at system startup,” the researchers explained. “After that, the static IP address 10.30.102[.]102 and a static root password are set and a telnet service is started.”
Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities affect 6800 and 6900 Series SIP phones, excluding the 6970 model.
Users of the affected models are advised to update to the latest firmware version to mitigate any potential risk arising out of exploiting the privilege escalation attack.
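For teams that review device firmware before deployment, the combination described above (a boot script that assigns a static IP, sets a root password and starts Telnet) can be searched for heuristically. The following is an added example, not code from SySS, Mitel or the original article; the trait patterns, file paths, addresses and sample scripts are constructed assumptions and do not reproduce the contents of check_mft.sh.

```python
import re

# Heuristic traits of the boot-time behaviour described in the article.
# The patterns are assumptions about common shell idioms, not vendor code.
TRAITS = {
    "starts_telnet": re.compile(r"\b(?:telnetd|utelnetd|in\.telnetd)\b"),
    "sets_password": re.compile(r"\bchpasswd\b|\bpasswd\b.*--stdin|\|\s*passwd\b"),
    "static_ip": re.compile(
        r"\b(?:ifconfig\s+\S+|ip\s+addr(?:ess)?\s+add)\s+(\d{1,3}(?:\.\d{1,3}){3})"),
}

def strip_comments(text):
    """Drop shell comment lines so commented-out commands are not counted."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def audit_script(text):
    """Return the sorted trait names found in one script."""
    body = strip_comments(text)
    return sorted(name for name, rx in TRAITS.items() if rx.search(body))

def audit_tree(scripts):
    """scripts: {path: content} from an extracted firmware image.
    Flag scripts that start telnet AND also set a password or a static IP."""
    findings = {}
    for path, text in scripts.items():
        traits = audit_script(text)
        if "starts_telnet" in traits and len(traits) >= 2:
            findings[path] = traits
    return findings

# Constructed sample scripts (hypothetical paths, documentation-range IPs).
SAMPLE = {
    "etc/init.d/S50service_mode.sh": (
        "#!/bin/sh\n"
        "if [ \"$KEYS_HELD\" = \"1\" ]; then\n"
        "  ifconfig eth0 192.0.2.10 netmask 255.255.255.0\n"
        "  echo \"root:$SERVICE_PW\" | chpasswd\n"
        "  telnetd -l /bin/sh\n"
        "fi\n"),
    "etc/init.d/S10network.sh": "#!/bin/sh\nifconfig eth0 192.0.2.20 up\n",
    "etc/init.d/S90debug.sh": "#!/bin/sh\n# telnetd -l /bin/sh\necho ready\n",
}

if __name__ == "__main__":
    for path, traits in audit_tree(SAMPLE).items():
        print(f"{path}: {', '.join(traits)}")
```

A hit is a prompt for manual review of the flagged script, not proof of a backdoor; legitimate service modes can match the same traits.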
This is not the first time such backdoor functionality has been identified in telecommunications-related firmware. In December 2021, RedTeam Pentesting disclosed two such bugs in Auerswald’s VoIP appliances that could be abused to gain full administrative access to the devices.
Some parts of this article are sourced from:
thehackernews.com