CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39285
https://notcve.org/view.php?id=CVE-2023-39285
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. Una vulnerabilidad en el componente Edge Gateway de Mitel MiVoice Connect hasta 19.3 SP3 (22.24.5800.0) podría permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validación de la solicitud insuficiente. Un exploit exitoso podría permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitiría modificar la configuración del sistema. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39289
https://notcve.org/view.php?id=CVE-2023-39289
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39287
https://notcve.org/view.php?id=CVE-2023-39287
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0010 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39290
https://notcve.org/view.php?id=CVE-2023-39290
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0012 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39291
https://notcve.org/view.php?id=CVE-2023-39291
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0013 •