CVE-2024-31967

CRITICAL
Published May 2, 2024 Modified Apr 15, 2026 CWE-284

Description

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.

Is your site exposed to CVE-2024-31967?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weakness Type (CWE)

CWE-284 CWE-284

References

Frequently Asked Questions

What is CVE-2024-31967? +
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration. It has a CVSS v3.1 base score of 9.1 (CRITICAL).
How severe is CVE-2024-31967? +
CVE-2024-31967 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
How do I check if I'm vulnerable to CVE-2024-31967? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-31967 — free, no signup required.