CVE-2024-28066 - Vulnerability Details

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:mitel:6940w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6940w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mitel:6930w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6930w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mitel:6920w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6920w:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mitel:6970_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6970:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mitel:6915_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6915:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mitel:6910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6910:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mitel:6905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:6905:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mitel:openscape_cp710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp710:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mitel:openscape_cp410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp410:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mitel:openscape_cp210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp210:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mitel:openscape_cp110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cp110:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mitel:openscape_cpx10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_cpx10:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mitel:openscape_dect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:openscape_dect:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mitel:700d_dect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mitel:700d_dect:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Mitel Subscribe	6905 Subscribe 6905 Firmware Subscribe 6910 Subscribe 6910 Firmware Subscribe 6915 Subscribe 6915 Firmware Subscribe 6920w Subscribe 6920w Firmware Subscribe 6930w Subscribe 6930w Firmware Subscribe 6940w Subscribe 6940w Firmware Subscribe 6970 Subscribe 6970 Firmware Subscribe 700d Dect Subscribe 700d Dect Firmware Subscribe Openscape Cp110 Subscribe Openscape Cp110 Firmware Subscribe Openscape Cp210 Subscribe Openscape Cp210 Firmware Subscribe Openscape Cp410 Subscribe Openscape Cp410 Firmware Subscribe Openscape Cp710 Subscribe Openscape Cp710 Firmware Subscribe Openscape Cpx10 Subscribe Openscape Cpx10 Firmware Subscribe Openscape Dect Subscribe Openscape Dect Firmware Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://syss.de
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.txt

History

Wed, 18 Jun 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mitel Mitel 6905 Mitel 6905 Firmware Mitel 6910 Mitel 6910 Firmware Mitel 6915 Mitel 6915 Firmware Mitel 6920w Mitel 6920w Firmware Mitel 6930w Mitel 6930w Firmware Mitel 6940w Mitel 6940w Firmware Mitel 6970 Mitel 6970 Firmware Mitel 700d Dect Mitel 700d Dect Firmware Mitel openscape Cp110 Mitel openscape Cp110 Firmware Mitel openscape Cp210 Mitel openscape Cp210 Firmware Mitel openscape Cp410 Mitel openscape Cp410 Firmware Mitel openscape Cp710 Mitel openscape Cp710 Firmware Mitel openscape Cpx10 Mitel openscape Cpx10 Firmware Mitel openscape Dect Mitel openscape Dect Firmware
CPEs		cpe:2.3:h:mitel:6905:-:::::::* cpe:2.3:h:mitel:6910:-:::::::* cpe:2.3:h:mitel:6915:-:::::::* cpe:2.3:h:mitel:6920w:-:::::::* cpe:2.3:h:mitel:6930w:-:::::::* cpe:2.3:h:mitel:6940w:-:::::::* cpe:2.3:h:mitel:6970:-:::::::* cpe:2.3:h:mitel:700d_dect:-:::::::* cpe:2.3:h:mitel:openscape_cp110:-:::::::* cpe:2.3:h:mitel:openscape_cp210:-:::::::* cpe:2.3:h:mitel:openscape_cp410:-:::::::* cpe:2.3:h:mitel:openscape_cp710:-:::::::* cpe:2.3:h:mitel:openscape_cpx10:-:::::::* cpe:2.3:h:mitel:openscape_dect:-:::::::* cpe:2.3:o:mitel:6905_firmware:::::::: cpe:2.3:o:mitel:6910_firmware:::::::: cpe:2.3:o:mitel:6915_firmware:::::::: cpe:2.3:o:mitel:6920w_firmware:::::::: cpe:2.3:o:mitel:6930w_firmware:::::::: cpe:2.3:o:mitel:6940w_firmware:::::::: cpe:2.3:o:mitel:6970_firmware:::::::: cpe:2.3:o:mitel:700d_dect_firmware:::::::: cpe:2.3:o:mitel:openscape_cp110_firmware:::::::: cpe:2.3:o:mitel:openscape_cp210_firmware:::::::: cpe:2.3:o:mitel:openscape_cp410_firmware:::::::: cpe:2.3:o:mitel:openscape_cp710_firmware:::::::: cpe:2.3:o:mitel:openscape_cpx10_firmware:::::::: cpe:2.3:o:mitel:openscape_dect_firmware::::::::
Vendors & Products		Mitel Mitel 6905 Mitel 6905 Firmware Mitel 6910 Mitel 6910 Firmware Mitel 6915 Mitel 6915 Firmware Mitel 6920w Mitel 6920w Firmware Mitel 6930w Mitel 6930w Firmware Mitel 6940w Mitel 6940w Firmware Mitel 6970 Mitel 6970 Firmware Mitel 700d Dect Mitel 700d Dect Firmware Mitel openscape Cp110 Mitel openscape Cp110 Firmware Mitel openscape Cp210 Mitel openscape Cp210 Firmware Mitel openscape Cp410 Mitel openscape Cp410 Firmware Mitel openscape Cp710 Mitel openscape Cp710 Firmware Mitel openscape Cpx10 Mitel openscape Cpx10 Firmware Mitel openscape Dect Mitel openscape Dect Firmware

Thu, 15 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1391 CWE-259
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-08T00:00:00

Updated: 2024-08-15T14:44:40.826Z

Reserved: 2024-03-01T00:00:00

Link: CVE-2024-28066

Vulnrichment

Updated: 2024-08-02T00:48:47.824Z

NVD

Status : Analyzed

Published: 2024-04-08T13:15:08.247

Modified: 2025-06-18T19:01:05.617

Link: CVE-2024-28066

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object