Summary: A Mirai-based malware named Aquabot is targeting vulnerable Mitel SIP phones, exploiting the CVE-2024-41710 vulnerability to create a botnet for DDoS attacks. Mitel has released firmware updates to address this high-severity command injection flaw, but exploit attempts have been seen as recently as January 2025. This malware not only affects Mitel SIP devices but also targets various other systems, indicating a broad range of vulnerability exploitation.
Affected: Mitel SIP phones and associated systems
Keypoints :
- Aquabot exploits the command injection vulnerability CVE-2024-41710 in Mitel 6800, 6900, and 6900w series SIP phones.
- Mitel has advised that a successful exploit could lead to arbitrary command execution, affecting device confidentiality and integrity.
- The malware can spread to various architectures and also targets other systems like Hadoop YARN and Linksys routers.
Source: https://www.securityweek.com/aquabot-botnet-targeting-vulnerable-mitel-phones/