Command Injection Vulnerability in MiVoice Office 400 by Mitel
CVE-2023-39293

9.8CRITICAL

Key Information:

Vendor: Mitel
Status: Mivoice Office 400; Mivoice Office 400 Smb Controller Firmware
Vendor: CVE Published:; 14 August 2023

Summary

A command injection vulnerability has been discovered in the MiVoice Office 400 SMB Controller, which could enable a malicious actor to execute arbitrary commands in the context of the affected system. This flaw allows for potential unauthorized access, leading to significant security risks and exploitation possibilities. Users and administrators are urged to review security advisories to mitigate these risks.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Jul 27, 2023