Mitel MiVoice Connect Command Injection Vulnerability
Mitel — MiVoice Connect
- Added to KEV catalog
- 21 February 2023
- Federal remediation due date
- 14 March 2023
- Weakness classification (CWE)
- CWE-77
CISA Description
The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
Required action
Apply updates per vendor instructions.
Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007; https://nvd.nist.gov/vuln/detail/CVE-2022-40765
More Mitel Vulnerabilities
Mitel SIP Phones Argument Injection Vulnerability
Mitel MiCollab Path Traversal Vulnerability
Mitel MiCollab Path Traversal Vulnerability
Mitel MiVoice Connect Code Injection Vulnerability
Mitel MiVoice Connect Data Validation Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services