Command Injection Vulnerability in MiVoice Connect by Mitel
CVE-2023-31460

7.2HIGH

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 24 May 2023

Summary

A command injection vulnerability exists in the Connect Mobility Router component of MiVoice Connect. This flaw affects versions 9.6.2208.101 and earlier, allowing an authenticated attacker with internal network access to manipulate URL parameters. Insufficient restrictions on these parameters can lead to unauthorized execution of arbitrary commands, potentially compromising the integrity and security of the affected system.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Apr 28, 2023