CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39285
https://notcve.org/view.php?id=CVE-2023-39285
14 Sep 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. Una vulnerabilidad en el componente Edge Gateway de Mitel MiVoice Connect hasta 19.3 SP3 (22.24.5800.0) podría permitir que un atacante ... • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39287
https://notcve.org/view.php?id=CVE-2023-39287
25 Aug 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. • https://www.mitel.com/support/security-advisories • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39290
https://notcve.org/view.php?id=CVE-2023-39290
25 Aug 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. • https://www.mitel.com/support/security-advisories •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32748
https://notcve.org/view.php?id=CVE-2023-32748
14 Aug 2023 — The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. • https://www.mitel.com/support/security-advisories • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31457
https://notcve.org/view.php?id=CVE-2023-31457
24 May 2023 — A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. • https://www.mitel.com/support/security-advisories •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31458
https://notcve.org/view.php?id=CVE-2023-31458
24 May 2023 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. • https://www.mitel.com/support/security-advisories •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25598
https://notcve.org/view.php?id=CVE-2023-25598
24 May 2023 — A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25599
https://notcve.org/view.php?id=CVE-2023-25599
24 May 2023 — A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 0CVE-2022-41223 – Mitel MiVoice Connect Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-41223
22 Nov 2022 — The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. El componente de base de datos Director de MiVoice Connect hasta la versión 19.3 (22.22.6100.0) podría permitir a un atacante autenticado realizar un ataque de inyección de código a través de datos manipulados debido a restricciones insuficientes en el tipo de datos de la base de da... • https://www.mitel.com/support/security-advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 0CVE-2022-40765 – Mitel MiVoice Connect Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-40765
22 Nov 2022 — A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. Una vulnerabilidad en el componente Edge Gateway de Mitel MiVoice Connect hasta la versión 19.3 (22.22.6100.0) podría permitir que un atacante autenticado con acceso a la red interna lleve a cabo un ataque de inyección de comandos, debido a una restricción... • https://www.mitel.com/support/security-advisories • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •