CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39293
https://notcve.org/view.php?id=CVE-2023-39293
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0009 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39292
https://notcve.org/view.php?id=CVE-2023-39292
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •