Code Injection Vulnerability in MiVoice Connect Database Component by Mitel
CVE-2022-41223

6.8MEDIUM

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 22 November 2022

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

Summary

The database component of MiVoice Connect versions up to 19.3 (22.22.6100.0) is susceptible to a code injection attack due to inadequate restrictions on the types of data that can be processed. Authenticated users may exploit this vulnerability by sending deliberately crafted data, potentially compromising the integrity and confidentiality of the system. It is crucial for users of affected versions to apply security updates and implement appropriate security measures.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

💰
Used in Ransomware
Feb 21, 2023
👾
Exploit known to exist
Feb 21, 2023
🦅
CISA Reported
Feb 21, 2023
Vulnerability published
Nov 22, 2022
Vulnerability Reserved
Sep 21, 2022