Monday, June 13, 2022

Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses


Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.

Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.


“Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user,” SySS researcher Matthias Deeg said in a statement shared with The Hacker News.

Specifically, the issue relates to previously unknown functionality present in a shell script (“check_mft.sh”) in the phones’ firmware that is designed to be executed at system boot.

“The shell script “check_mft.sh”, which is located in the directory ‘/etc’ on the phone, checks whether the keys “*” and “#” are pressed simultaneously during system startup,” the researchers said. “The phone then sets its IP address to ‘10.30.102[.]102’ and starts a Telnet server. A Telnet login can then be carried out with a static root password.”

Successful exploitation of the flaws could allow access to sensitive information and code execution. The vulnerabilities impact 6800 and 6900 Series SIP phones, excluding the 6970 model.
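For teams that review device firmware before deployment, the behaviour described above (a boot-time script that assigns a fixed IP address and starts a Telnet server) can be searched for in an unpacked image. The following is an added example, not code from SySS, Mitel, or the original article; the sample tree, its file names, and the address 192.0.2.10 are constructed stand-ins, and the two patterns are assumptions about how such a script might be written.

```python
import os
import re
import tempfile

# Two behaviours the advisory attributes to one boot-time script.
TELNET_RE = re.compile(r"(?:^|[\s/;&|])u?telnetd\b")
STATIC_IP_RE = re.compile(
    r"\b(?:ifconfig|ip\s+addr(?:ess)?\s+add)\b.*?\b((?:\d{1,3}\.){3}\d{1,3})\b")

def is_shell_script(path):
    """True for *.sh files and for files that begin with a shebang."""
    if not os.path.isfile(path):          # skips dangling symlinks
        return False
    with open(path, "rb") as fh:
        return path.endswith(".sh") or fh.read(2) == b"#!"

def audit_script(path):
    """Return the sorted indicator names found in one script."""
    found = set()
    with open(path, encoding="utf-8", errors="ignore") as fh:
        for line in fh:
            code = line.split("#", 1)[0]  # ignore comments and the shebang
            if TELNET_RE.search(code):
                found.add("starts_telnet")
            match = STATIC_IP_RE.search(code)
            if match:
                found.add("hardcoded_ip:" + match.group(1))
    return sorted(found)

def audit_tree(root):
    """Map each flagged script (path relative to root) to its indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_shell_script(path):
                hits = audit_script(path)
                if hits:
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    findings[rel] = hits
    return findings

def build_sample_tree():
    """Constructed stand-in for an unpacked firmware image (not vendor code)."""
    root = tempfile.mkdtemp(prefix="fw_")
    os.makedirs(os.path.join(root, "etc", "init.d"))
    with open(os.path.join(root, "etc", "boot_check.sh"), "w") as fh:
        fh.write("#!/bin/sh\nifconfig eth0 192.0.2.10 up\n/usr/sbin/telnetd &\n")
    with open(os.path.join(root, "etc", "init.d", "network"), "w") as fh:
        fh.write("#!/bin/sh\n# telnetd disabled\nudhcpc -i eth0\n")
    return root

if __name__ == "__main__":
    print(audit_tree(build_sample_tree()))
```

A script flagged with both indicators is a candidate for manual review; a hit does not by itself establish a backdoor.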


Users of the affected models are recommended to update to the latest firmware version to mitigate any potential risk arising out of exploiting the privilege escalation attack.

This is not the first time such backdoor features have been discovered in telecommunications-related firmware. In December 2021, RedTeam Pentesting revealed two such bugs in Auerswald’s VoIP appliances that could be abused to gain full administrative access to the devices.


