{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31964", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T01:59:50.692Z", "dateReserved": "2024-04-08T00:00:00", "datePublished": "2024-05-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-03T16:17:10.792341"}, "descriptions": [{"lang": "en", "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "mitel", "product": "6900w_series_sip_phone", "cpes": ["cpe:2.3:h:mitel:6900w_series_sip_phone:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.3.3 ", "versionType": "custom"}]}, {"vendor": "mitel", "product": "6970_conference_unit", "cpes": ["cpe:2.3:a:mitel:6970_conference_unit:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "Version 5.1.1 SP8 ", "versionType": "custom"}]}, {"vendor": "mitel", "product": "6800_series_sip_phones", "cpes": ["cpe:2.3:h:mitel:6800_series_sip_phones:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.3 SP3 HF4", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-10T18:32:58.316115Z", "id": "CVE-2024-31964", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T17:05:52.670Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.692Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31964", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-06T17:05:52.670Z", "dateReserved": "2024-04-08T00:00:00", "datePublished": "2024-05-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-03T16:17:10.792341"}, "descriptions": [{"lang": "en", "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31964", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-10T18:32:58.316115Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mitel:6900w_series_sip_phone:-:*:*:*:*:*:*:*"], "vendor": "mitel", "product": "6900w_series_sip_phone", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.3.3 "}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mitel:6970_conference_unit:*:*:*:*:*:*:*:*"], "vendor": "mitel", "product": "6970_conference_unit", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Version 5.1.1 SP8 "}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mitel:6800_series_sip_phones:-:*:*:*:*:*:*:*"], "vendor": "mitel", "product": "6800_series_sip_phones", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.3 SP3 HF4"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-10T18:31:26.508Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service."}, {"lang": "es", "value": "Una vulnerabilidad en los tel\u00e9fonos SIP Mitel de las series 6800 y 6900, incluida la unidad de conferencia 6970, hasta 6.3 SP3 HF4, permite a un atacante no autenticado llevar a cabo un ataque de omisi\u00f3n de autenticaci\u00f3n debido a un control de autenticaci\u00f3n inadecuado. Un exploit exitoso podr\u00eda permitir a un atacante modificar la configuraci\u00f3n del sistema y potencialmente causar una denegaci\u00f3n de servicio."}], "id": "CVE-2024-31964", "lastModified": "2024-11-21T09:14:13.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-02T16:15:07.913", "references": [{"source": "cve@mitre.org", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}