CVE-2024-31967

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-284
View all →

Vulnerability Description

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.

Related Vulnerabilities

CVE-2013-5654

CRITICAL
CVSS:9.1(Critical)

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage

CWE-2842013

CVE-2015-1000009

CRITICAL
CVSS:9.1(Critical)

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05

CWE-2842015

CVE-2015-8361

CRITICAL
CVSS:9.1(Critical)

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, o...

CWE-2842015

CVE-2016-4501

CRITICAL
CVSS:9.1(Critical)

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via u...

CWE-2842016

CVE-2016-4694

CRITICAL
CVSS:9.1(Critical)

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data ...

CWE-2842016

CVE-2016-5599

CRITICAL
CVSS:9.1(Critical)

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integ...

CWE-2842016