Improper Access Control in Mitel MiVoice Connect Headquarters Server
CVE-2023-31457

9.8CRITICAL

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 24 May 2023

Summary

A vulnerability exists in the Headquarters server component of Mitel MiVoice Connect that may allow an unauthenticated attacker with access to the internal network to execute arbitrary scripts. This issue arises from inadequate access control measures, which can expose sensitive functionalities to unauthorized users, potentially leading to unauthorized actions or data breaches.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Apr 28, 2023