Vulnerabilities > Mitel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2023-31458 | Unspecified vulnerability in Mitel Mivoice Connect A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. | 9.8 |
| 2023-05-24 | CVE-2023-25598 | Cross-site Scripting vulnerability in Mitel Mivoice Connect A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. | 6.1 |
| 2023-05-24 | CVE-2023-31457 | Unspecified vulnerability in Mitel Mivoice Connect A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | 9.8 |
| 2023-05-24 | CVE-2023-31459 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mitel Mivoice Connect A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. | 8.8 |
| 2023-05-24 | CVE-2023-31460 | Command Injection vulnerability in Mitel Mivoice Connect A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | 7.2 |
| 2023-04-14 | CVE-2023-25597 | Improper Authentication vulnerability in Mitel Micollab A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. | 5.9 |
| 2023-02-13 | CVE-2023-22854 | Unspecified vulnerability in Mitel Micontact Center Business The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. | 7.5 |
| 2022-11-22 | CVE-2022-40765 | Command Injection vulnerability in Mitel Mivoice Connect 19.1/19.3 A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | 6.8 |
| 2022-11-22 | CVE-2022-41223 | Code Injection vulnerability in Mitel Mivoice Connect 19.1/19.3 The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | 6.8 |
| 2022-11-22 | CVE-2022-41326 | Unspecified vulnerability in Mitel Micollab The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. | 9.8 |