File Download Vulnerability in Mitel MiContact Center Business Server
CVE-2023-22854

7.5HIGH

Key Information:

Vendor: Mitel
Status: Micontact Center Business
Vendor: CVE Published:; 13 February 2023

Summary

The ccmweb component of Mitel MiContact Center Business Server versions 9.2.2.0 to 9.4.1.0 contains a vulnerability that may allow unauthenticated attackers to download arbitrary files. This issue arises from insufficient validation of URL parameters, leading to potential exposure of sensitive information. Organizations using vulnerable versions should consider applying the available security updates or mitigating the risks by restricting access to the affected components.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Jan 8, 2023