CVE-2024-28066

moderate-risk
Published 2024-04-08

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (14)

6940W Firmware
6930W Firmware
6920W Firmware
6915 Firmware
6910 Firmware
6905 Firmware
Openscape Cp710 Firmware
Openscape Cp410 Firmware
Openscape Cp210 Firmware
Openscape Cp110 Firmware
Openscape Cpx10 Firmware
Openscape Dect Firmware
700D Dect Firmware

Affected Vendors

Mitel

References (4)

Not Applicable https://syss.de
Exploit https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.t...
Not Applicable https://syss.de
Exploit https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-008.t...
45
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 0/34 · Minimal
Exposure 18/34 · Moderate