8.8
CVE-2024-28066
- EPSS 0.05%
- Published 08.04.2024 13:15:08
- Last modified 18.06.2025 19:01:05
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Mitel ≫ 6940w Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 6930w Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 6920w Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 6970 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 6915 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 6910 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 6905 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ Openscape Cp710 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ Openscape Cp410 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ Openscape Cp210 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ Openscape Cp110 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ Openscape Cpx10 Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ Openscape Dect Firmware Version >= 1.10.4.3 < 1.11.3.0
Mitel ≫ 700d Dect Firmware Version >= 1.10.4.3 < 1.11.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.132 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1391 Use of Weak Credentials
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.