
CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 May 2024 — A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0007 • CWE-284: Improper Access Control

CVSS: 8.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

02 May 2024 — A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0009 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 May 2024 — A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0010 • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Mar 2024 — A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system. • https://cwe.mitre.org/data/definitions/1188.html • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Mar 2024 — A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001 • CWE-922: Insecure Storage of Sensitive Information

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2024 — An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. • https://networks.unify.com/security/advisories/OBSO-2305-03.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2024 — An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. • https://networks.unify.com/security/advisories/OBSO-2305-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Sep 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Sep 2023 — A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. • https://www.mitel.com/support/security-advisories • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')