Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked asCVE-2022-29854andCVE-2022-29855(CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May