SQL Injection Vulnerability in MiVoice Office 400 by Mitel
CVE-2023-39292

9.8CRITICAL

Key Information:

Vendor: Mitel
Status: Mivoice Office 400; Mivoice Office 400 Smb Controller Firmware
Vendor: CVE Published:; 14 August 2023

What is CVE-2023-39292?

A SQL Injection vulnerability has been discovered in the MiVoice Office 400 SMB Controller version 1.2.5.23. This vulnerability potentially allows an attacker to manipulate database queries, gaining unauthorized access to sensitive information and executing arbitrary commands within the database environment. Organizations using this product should implement security measures promptly to mitigate any risk associated with this vulnerability.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Jul 27, 2023