Lucene search

AttackerKBAKB:BEE992AD-C5B7-4E2C-A55D-967204D2F0B7

HistoryNov 22, 2022 - 12:00 a.m.

CVE-2022-41223

2022-11-2200:00:00

attackerkb.com

cve-2022-41223

code-injection

mivoice connect

database component

crafted data

authenticated attacker

insufficient restrictions

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.6%

JSON

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41223

www.mitel.com/support/security-advisories

www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.6%

JSON

Related for AKB:BEE992AD-C5B7-4E2C-A55D-967204D2F0B7