CVE-2024-28066

8.8 HIGH

📋 TL;DR

CVE-2024-28066 is a hardcoded credential vulnerability in Unify CP IP Phone firmware that allows attackers to gain root access using a known default password. This affects all systems running the vulnerable firmware version. Attackers can completely compromise affected devices and potentially pivot to other network resources.

💻 Affected Systems

Products:
  • Unify CP IP Phone
Versions: 1.10.4.3
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this firmware version are vulnerable by default due to hardcoded credentials.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to eavesdropping on calls, data exfiltration, lateral movement to other network systems, and persistent backdoor installation.

🟠

Likely Case

Unauthorized root access to IP phones allowing configuration changes, call interception, and use as pivot points for further attacks.

🟢

If Mitigated

Limited impact if devices are isolated in separate VLANs with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the device but uses simple password authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates and apply if released.

🔧 Temporary Workarounds

Change root password
Applies to: all
Manually change the root password on all affected devices:

passwd root

Network segmentation
Applies to: all
Isolate IP phones in a separate VLAN with restricted access.

🧯 If You Can't Patch

  • Segment IP phones into isolated network zones with strict firewall rules
  • Implement network monitoring for authentication attempts to IP phones

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or SSH using default credentials

Check Version:

ssh root@[ip-address] 'cat /etc/version'

Verify Fix Applied:

Attempt an SSH login with the default credentials; it should fail once the password has been changed.

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH authentication attempts
  • Successful root logins from unexpected sources

Network Indicators:

  • SSH connections to IP phones from unauthorized IPs
  • Unusual outbound traffic from IP phones

SIEM Query:

source="ssh.log" user="root" (action="accepted" OR action="failed")
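The log indicators above can be checked offline before a SIEM rule exists. The following is an added example (not part of the original advisory) that runs over constructed OpenSSH-style sshd log lines and raises an alert for repeated failed logins from one source and for root logins from outside a hypothetical management subnet (ADMIN_NETS is an assumption, not a value from the page).

```python
import re
import ipaddress
from collections import Counter

# Constructed sample sshd log lines in OpenSSH syslog format; not taken from the page.
SAMPLE_LOG = """\
Mar 10 09:12:01 cp-phone-01 sshd[812]: Failed password for root from 10.20.5.77 port 51002 ssh2
Mar 10 09:12:03 cp-phone-01 sshd[812]: Failed password for root from 10.20.5.77 port 51004 ssh2
Mar 10 09:12:05 cp-phone-01 sshd[815]: Accepted password for root from 10.20.5.77 port 51006 ssh2
Mar 10 09:30:44 cp-phone-02 sshd[640]: Accepted password for root from 10.0.1.5 port 40110 ssh2
Mar 10 09:31:02 cp-phone-02 sshd[641]: Failed password for admin from 10.20.5.78 port 42000 ssh2
"""

# Hypothetical management network; root logins from anywhere else count as "unexpected".
ADMIN_NETS = [ipaddress.ip_network("10.0.1.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<action>Accepted|Failed) password for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

def parse_ssh_log(text):
    """Yield one dict per sshd authentication line; lines that do not match are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def is_expected_source(src):
    """True if the source address lies inside the assumed management network."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in ADMIN_NETS)

def detect(text, fail_threshold=2):
    """Return alerts as (rule, phone, source) tuples for
    (a) fail_threshold or more failed logins from one source against one phone and
    (b) any successful root login from outside ADMIN_NETS."""
    alerts = []
    fails = Counter()
    for ev in parse_ssh_log(text):
        key = (ev["host"], ev["src"])
        if ev["action"] == "Failed":
            fails[key] += 1
            if fails[key] == fail_threshold:  # alert once per source when the threshold is hit
                alerts.append(("ssh_failed_burst", ev["host"], ev["src"]))
        elif ev["user"] == "root" and not is_expected_source(ev["src"]):
            alerts.append(("root_login_unexpected_source", ev["host"], ev["src"]))
    return alerts
```

Running detect(SAMPLE_LOG) flags cp-phone-01 twice (a failed burst from 10.20.5.77 followed by a root login from that same unexpected source) and stays silent for the root login on cp-phone-02 from the management subnet.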

🔗 References
