Vulnerabilities > Mitel > Mivoice Office 400 > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-14 CVE-2023-39293 Command Injection vulnerability in Mitel products
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system.
network
low complexity
mitel CWE-77
critical
9.8
2023-08-14 CVE-2023-39292 SQL Injection vulnerability in Mitel products
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
network
low complexity
mitel CWE-89
critical
9.8