Vulnerabilities > Mitel

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-40765 Command Injection vulnerability in Mitel Mivoice Connect 19.1/19.3
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
low complexity
mitel CWE-77
6.8
2022-11-22 CVE-2022-41223 Code Injection vulnerability in Mitel Mivoice Connect 19.1/19.3
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
low complexity
mitel CWE-94
6.8
2022-11-22 CVE-2022-41326 Incorrect Authorization vulnerability in Mitel Micollab
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls.
network
low complexity
mitel CWE-863
critical
9.8
2022-10-25 CVE-2022-36452 Unrestricted Upload of File with Dangerous Type vulnerability in Mitel Micollab
A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files.
network
low complexity
mitel CWE-434
critical
9.8
2022-10-25 CVE-2022-36451 Server-Side Request Forgery (SSRF) vulnerability in Mitel Micollab
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters.
network
low complexity
mitel CWE-918
8.8
2022-10-25 CVE-2022-36453 Unspecified vulnerability in Mitel Micollab
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls.
network
low complexity
mitel
8.8
2022-10-25 CVE-2022-36454 Unspecified vulnerability in Mitel Micollab
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls.
network
low complexity
mitel
6.5
2022-06-17 CVE-2022-31784 Classic Buffer Overflow vulnerability in Mitel Mivoice Business and Mivoice Business Express
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters.
network
mitel CWE-120
6.8
2022-05-13 CVE-2022-29854 Incorrect Authorization vulnerability in Mitel Minet Firmware 1.8.0.12
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup.
low complexity
mitel CWE-863
6.8
2022-05-11 CVE-2022-29855 Incorrect Authorization vulnerability in Mitel products
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup.
low complexity
mitel CWE-863
6.8