CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39288
https://notcve.org/view.php?id=CVE-2023-39288
25 Aug 2023 — A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. • https://www.mitel.com/support/security-advisories • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39289
https://notcve.org/view.php?id=CVE-2023-39289
25 Aug 2023 — A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. • https://www.mitel.com/support/security-advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39290
https://notcve.org/view.php?id=CVE-2023-39290
25 Aug 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. • https://www.mitel.com/support/security-advisories •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39291
https://notcve.org/view.php?id=CVE-2023-39291
25 Aug 2023 — A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. • https://www.mitel.com/support/security-advisories •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32748
https://notcve.org/view.php?id=CVE-2023-32748
14 Aug 2023 — The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. • https://www.mitel.com/support/security-advisories • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39292
https://notcve.org/view.php?id=CVE-2023-39292
14 Aug 2023 — A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2023-39293
https://notcve.org/view.php?id=CVE-2023-39293
14 Aug 2023 — A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0009 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31457
https://notcve.org/view.php?id=CVE-2023-31457
24 May 2023 — A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. • https://www.mitel.com/support/security-advisories •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31458
https://notcve.org/view.php?id=CVE-2023-31458
24 May 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. • https://www.mitel.com/support/security-advisories •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31459
https://notcve.org/view.php?id=CVE-2023-31459
24 May 2023 — A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. • https://www.mitel.com/support/security-advisories • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •