CVE-2022-29499
Mitel MiVoice Connect Data Validation Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
El componente Service Appliance en Mitel MiVoice Connect versiones hasta 19.2 SP3, permite una ejecución de código remota debido a una comprobación incorrecta de los datos. Los Service Appliances son SA 100, SA 400 y Virtual SA
The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-19 CVE Reserved
- 2022-04-26 CVE Published
- 2022-06-27 Exploited in Wild
- 2022-07-18 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-10-08 EPSS Updated
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002 | 2022-05-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mitel Search vendor "Mitel" | Mivoice Connect Search vendor "Mitel" for product "Mivoice Connect" | <= 22.20.2300.0 Search vendor "Mitel" for product "Mivoice Connect" and version " <= 22.20.2300.0" | - |
Affected
|