Mitel has released security advisory addressing two vulnerabilities in Mitel SIP Phones including Mitel 6800 Series, 6900 Series, 6900w Series and 6970 Conference Unit. CVE-2025-47188 has a CVSSv3 base score of 9.8 and is a ‘command injection’ vulnerability that could allow an unauthenticated attacker to inject and execute arbitrary commands on the device.
Exploitation could lead to disclosure or modification of sensitive system and user configuration data that could potentially impact device availability and operation. CVE-2025-47187 has a CVSSv3 base score of 5.3 and is an ‘unauthenticated file upload’ vulnerability that could allow an unauthenticated attacker to upload arbitrary files on the device that may lead to storage exhaustion without affecting the device’s availability or operation.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Are Cross-Protocol Attacks The Next Big Cybersecurity Danger?
May 8, 2017
In the digital world we live in, technologies are rapidly evolving. Cyber threats are not lagging behind. While developers build more and more complex programs, hackers find new, smarter ways to attack. New threats can break connections that were considered highly secure until recently. One specific and recent example are the so-called cross–protocol attacks. They make it ...
- Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs
May 8, 2017
That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password. As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT ...
- PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely
May 1, 2017
Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated ...
- Systems-on-a-chip are a huge, unaudited attack surface, says Project Zero’s Wi‑Fi attack man
April 12, 2017
The internal inter-chip communications of devices like smartphones are a “huge, mostly unaudited attack surface,” according to Gal Beniamini of Google’s Project Zero, in his promised follow-up to last week’s demonstration of how to attack Wi‑Fi chips over the air. His April 4 “part one” prompted emergency patches from Apple and Google, new drivers from Broadcom ...
- Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop
April 11, 2017
Adobe patched 59 vulnerabilities in five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App as part of its regularly scheduled software update today. The company warned in a series of security bulletins posted shortly before noon Tuesday that the bulk of the bugs, 44, are critical and could lead to code ...
- Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day
April 10, 2017
This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...