
The Cyber Security News


Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

June 13, 2022

Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.

Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.


“Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user,” SySS researcher Matthias Deeg said in a statement shared with The Hacker News.

Specifically, the issue relates to previously unknown functionality present in a shell script (“check_mft.sh”) in the phones’ firmware that’s designed to be executed at system boot.

“The check_mft.sh checks if the ‘*’ and the ‘#’ keys are pressed and held simultaneously at system startup,” the researchers said. “After that, the static IP address 10.30.102[.]102 and a static root password are set and a telnet service is started.”

Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities affect 6800 and 6900 Series SIP phones, excluding the 6970 model.


Users of the affected models are advised to update to the latest firmware version to mitigate any potential risk arising out of exploiting the privilege escalation attack.
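Until every phone is patched, defenders can watch for the backdoor's network footprint. The following is an added detection example, not code from SySS, Mitel or the original article: it scans network sensor records for a device claiming the static address 10.30.102.102 or receiving connections there. The record format, the sample lines and port 23 (Telnet's default; the article names no port) are assumptions.

```python
import ipaddress
import re

# Static address the article attributes to the backdoor (10.30.102[.]102 there).
BACKDOOR_IP = ipaddress.ip_address("10.30.102.102")
TELNET_PORT = "23"  # assumption: Telnet's default port; the article names none

# Constructed sample records in a hypothetical "<time> <kind> key=value ..." format.
SAMPLE_LOG = """\
2022-06-13T08:00:01Z arp ip=10.20.0.15 mac=02:00:00:00:00:01
2022-06-13T08:00:07Z tcp src=10.20.0.15 dst=10.20.0.1 dport=5060
2022-06-13T08:02:44Z arp ip=10.30.102.102 mac=02:00:00:00:00:02
2022-06-13T08:03:10Z tcp src=10.30.102.50 dst=10.30.102.102 dport=23
2022-06-13T08:03:55Z tcp src=10.20.0.77 dst=10.20.0.9 dport=23
truncated or malformed line
"""
LINE_RE = re.compile(r"^(\S+)\s+(arp|tcp)\s+(.+)$")

def is_backdoor_ip(text):
    """True if text parses as an IP address equal to the backdoor address."""
    try:
        return ipaddress.ip_address(text) == BACKDOOR_IP
    except ValueError:
        return False

def find_backdoor_activity(log_text):
    """Return (time, finding, peer) tuples for records touching the backdoor IP."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines the sensor format does not cover
        ts, kind, rest = m.groups()
        f = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        if kind == "arp" and is_backdoor_ip(f.get("ip", "")):
            # A device announced the address: a phone may be in backdoor mode.
            findings.append((ts, "address-claimed", f.get("mac", "unknown")))
        elif kind == "tcp" and is_backdoor_ip(f.get("dst", "")):
            what = "telnet-session" if f.get("dport") == TELNET_PORT else "other-traffic"
            findings.append((ts, what, f.get("src", "unknown")))
    return findings

if __name__ == "__main__":
    for finding in find_backdoor_activity(SAMPLE_LOG):
        print(*finding)
```

The MAC address in an `address-claimed` finding identifies which device to locate and update; Telnet traffic to other hosts is deliberately not flagged here.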

This is not the first time such backdoor features have been discovered in telecommunications-related firmware. In December 2021, RedTeam Pentesting revealed two such bugs in Auerswald’s VoIP appliances that could be abused to gain full administrative access to the devices.



Some parts of this article are sourced from:
thehackernews.com
