Cross Site Request Forgery Vulnerability in Mitel MiVoice Connect
CVE-2023-39285

4.3MEDIUM

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 14 September 2023

Summary

A Cross Site Request Forgery vulnerability exists in the Edge Gateway component of Mitel MiVoice Connect, allowing unauthorized attackers to exploit insufficient request validation. This vulnerability facilitates attackers to manipulate system configurations by delivering modified URLs, potentially putting sensitive systems at risk.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2023
Vulnerability Reserved
Jul 27, 2023