CVE-2024-41710

Name: CVE-2024-41710
Creator: NVD / NIST
Published: 2024-08-12T19:15:16.85+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.2/10Actively ExploitedEPSS 41.61%

Last modified Jun 17, 2026

CVE-2024-41710 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.. CISA has confirmed active exploitation in the wild. EPSS estimates a 41.61% chance of exploitation in the next 30 days.

Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

41.61%

98.5th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Mar 5, 2025.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mitel	6970 Firmware	<= 6.4.0.136
Mitel	6940w Sip Firmware	<= 6.4.0.136
Mitel	6930w Sip Firmware	<= 6.4.0.136
Mitel	6920w Sip Firmware	<= 6.4.0.136
Mitel	6920 Sip Firmware	<= 6.4.0.136
Mitel	6915 Sip Firmware	<= 6.4.0.136
Mitel	6910 Sip Firmware	<= 6.4.0.136
Mitel	6905 Sip Firmware	<= 6.4.0.136
Mitel	6940 Sip Firmware	<= 6.4.0.136
Mitel	6930 Sip Firmware	<= 6.4.0.136
Mitel	6873i Sip Firmware	<= 6.4.0.136
Mitel	6869i Sip Firmware	<= 6.4.0.136
Mitel	6867i Sip Firmware	<= 6.4.0.136
Mitel	6865i Sip Firmware	<= 6.4.0.136
Mitel	6863i Sip Firmware	<= 6.4.0.136

References

https://github.com/kwburns/CVE/blob/main/Mitel/6.3.0.1020/README.mdExploit, Third Party Advisory
https://www.mitel.com/support/security-advisoriesVendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0019Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-41710US Government Resource

Timeline

Published: Aug 12, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-41710?

How severe is CVE-2024-41710?

CVE-2024-41710 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 41.61% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2024-41710?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-41710?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST