Remote Code Execution Vulnerability in Mitel MiVoice Connect Products
CVE-2022-29499

9.8CRITICAL

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 26 April 2022

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

Summary

A vulnerability exists in the Service Appliance component of Mitel MiVoice Connect that allows for remote code execution due to improper data validation. This flaw can be exploited by an attacker to execute malicious code remotely on affected devices, including SA 100, SA 400, and the Virtual SA. Users are encouraged to update to the latest software versions promptly to mitigate this risk.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

References

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

💰
Used in Ransomware
Jun 27, 2022
👾
Exploit known to exist
Jun 27, 2022
🦅
CISA Reported
Jun 27, 2022
Vulnerability published
Apr 26, 2022
Vulnerability Reserved
Apr 19, 2022