File Download Vulnerability in Mitel MiContact Center Business Server
CVE-2023-22854

7.5HIGH

Key Information:

Vendor: Mitel
Status: Micontact Center Business
Vendor: CVE Published:; 13 February 2023

What is CVE-2023-22854?

The ccmweb component of Mitel MiContact Center Business Server versions 9.2.2.0 to 9.4.1.0 contains a vulnerability that may allow unauthenticated attackers to download arbitrary files. This issue arises from insufficient validation of URL parameters, leading to potential exposure of sensitive information. Organizations using vulnerable versions should consider applying the available security updates or mitigating the risks by restricting access to the affected components.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Jan 8, 2023

JSON

Mitel

What is CVE-2023-22854?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.