Is CVE-2024-41710 exploitable?

Yes — CVE-2024-41710 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2024-41710 a false positive?

No practitioners have marked CVE-2024-41710 a false positive so far (2 verdicts).

How do I remediate CVE-2024-41710?

Practitioners have shared remediation steps for CVE-2024-41710 — see the remediation notes on this page.

CVE-2024-41710

is CVE-2024-41710real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

High · CVSS 7.2EPSS 41.2%CISA KEVCWE-88

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.

References

NVD MITRE CVE.org CISA KEV

Published Aug 12, 2024

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2024-41710/badge.svg)](https://www.truepositive.app/cve/CVE-2024-41710)

HTML

<a href="https://www.truepositive.app/cve/CVE-2024-41710"><img src="https://www.truepositive.app/cve/CVE-2024-41710/badge.svg" alt="TruePositive verdict for CVE-2024-41710"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: High (High 2) — CVSS base score 7.2

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Field note · Diego RamírezCurated
Mitel SIP Phones Argument Injection Vulnerability — Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system. Listed in the CISA KEV catalog (added 2025-02-12) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~41%. Treat it as real and prioritize remediation over triage.
0
Remediation · Marco FerriCurated
Required action for Mitel SIP Phones: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. CISA set a federal remediation due date of 2025-03-05. After patching, verify the vulnerable path is no longer reachable before closing the finding.

Same weakness — CWE-88.

CVE-2024-41710

Community ground truth

Field notes & remediation

Related CVEs