CVE-2022-41223
Mitel MiVoice Connect Code Injection Vulnerability
Severity Score
6.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
El componente de base de datos Director de MiVoice Connect hasta la versión 19.3 (22.22.6100.0) podría permitir a un atacante autenticado realizar un ataque de inyección de código a través de datos manipulados debido a restricciones insuficientes en el tipo de datos de la base de datos.
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-21 CVE Reserved
- 2022-11-22 CVE Published
- 2023-02-21 Exploited in Wild
- 2023-03-14 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-10-08 EPSS Updated
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mitel.com/support/security-advisories | 2022-11-26 | |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 | 2022-11-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitel Search vendor "Mitel" | Mivoice Connect Search vendor "Mitel" for product "Mivoice Connect" | < 19.3 Search vendor "Mitel" for product "Mivoice Connect" and version " < 19.3" | - |
Affected
| ||||||
| Mitel Search vendor "Mitel" | Mivoice Connect Search vendor "Mitel" for product "Mivoice Connect" | 19.3 Search vendor "Mitel" for product "Mivoice Connect" and version "19.3" | - |
Affected
| ||||||