
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Oct 2022 — A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. • https://www.mitel.com/support/security-advisories

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Oct 2022 — A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. • https://www.mitel.com/support/security-advisories

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

17 Jun 2022 — A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. • https://www.mitel.com/support/security-advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.2 | EPSS: 0% | CPEs: 8 | EXPL: 3

13 May 2022 — A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. • https://packetstorm.news/files/id/167547 • CWE-863: Incorrect Authorization

CVSS: 7.2 | EPSS: 0% | CPEs: 27 | EXPL: 3

11 May 2022 — Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information an... • https://packetstorm.news/files/id/167547

CVSS: 10.0 | EPSS: 87% | CPEs: 1 | EXPL: 0

26 Apr 2022 — The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. The Service Appliance component in Mitel MiVoice Connect allows remote code executio... • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002 • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 64% | CPEs: 4 | EXPL: 1

09 Mar 2022 — The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. • https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion • CWE-306: Missing Authentication for Critical Function

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 Aug 2021 — The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data. • https://www.mitel.com/support/security-advisories • CWE-295: Improper Certificate Validation

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 Aug 2021 — The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation. • https://www.mitel.com/support/security-advisories • CWE-20: Improper Input Validation

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

13 Aug 2021 — The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. • https://www.mitel.com/support/security-advisories