Remote code execution and elevation of local privileges in Mitel Unify OpenStage and OpenScape VoIP phones
During a research project, Pentagrid identified multiple vulnerabilities in the OpenStage and OpenScape VoIP phone series. The combination of insecure defaults and implementation weaknesses allows a remote compromise and the elevation of privileges for a network-local attacker on phones with an unhardened default configuration. Compromising a phone does not only allow to wiretap phone calls, but could also be abused to access microphones for listening to rooms. The vulnerabilities affect a wide range of devices. Pentagrid assumes that many small companies don't use a hardened configuration and are likely affected.