
CVE-2023-31460
https://notcve.org/view.php?id=CVE-2023-31460
24 May 2023 — A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. • https://www.mitel.com/support/security-advisories • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-25598
https://notcve.org/view.php?id=CVE-2023-25598
24 May 2023 — A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-25599
https://notcve.org/view.php?id=CVE-2023-25599
24 May 2023 — A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-25597
https://notcve.org/view.php?id=CVE-2023-25597
14 Apr 2023 — A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0002 • CWE-287: Improper Authentication •

CVE-2023-22854
https://notcve.org/view.php?id=CVE-2023-22854
13 Feb 2023 — The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. • https://www.mitel.com/support/security-advisories • CWE-839: Numeric Range Comparison Without Minimum Check •

CVE-2022-41223 – Mitel MiVoice Connect Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-41223
22 Nov 2022 — The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. • https://www.mitel.com/support/security-advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-41326
https://notcve.org/view.php?id=CVE-2022-41326
22 Nov 2022 — The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. • https://www.mitel.com/support/security-advisories •

CVE-2022-40765 – Mitel MiVoice Connect Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-40765
22 Nov 2022 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. • https://www.mitel.com/support/security-advisories • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-36451
https://notcve.org/view.php?id=CVE-2022-36451
25 Oct 2022 — A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. • https://www.mitel.com/support/security-advisories • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2022-36452
https://notcve.org/view.php?id=CVE-2022-36452
25 Oct 2022 — A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. • https://www.mitel.com/support/security-advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •