The Hacker News reports that Mitel's 6800 and 6900 Series SIP phones are being affected by two medium-severity vulnerabilities, which could be exploited to achieve root privileges.
Mitel has already issued patches for the flaws, tracked as CVE-2022-29854 and CVE-2022-29855 which were identified by SySS security researchers last month. "Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user," said SySS researcher Matthias Deeg.
Researchers noted that the vulnerability concerns a recently identified shell script functionality that could be executed at system boot. "The shell script 'check_mft.sh,' which is located in the directory '/etc' on the phone, checks whether the keys "*" and "#" are pressed simultaneously during system startup. The phone then sets its IP address to '10.30.102[.]102' and starts a Telnet server. A Telnet login can then be performed with a static root password," researchers added.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds