Lucene search

[email protected]CVE-2022-40765

HistoryNov 22, 2022 - 1:15 a.m.

CVE-2022-40765

2022-11-2201:15:31

CWE-77

[email protected]

web.nvd.nist.gov

393

In Wild

cve-2022-40765

mitel

mivoice connect

edge gateway

command injection

url parameter restriction

nvd

vulnerability

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

Affected configurations

NVD

Node

mitelmivoice_connectRange<19.3

mitelmivoice_connectMatch19.3-

CPENameOperatorVersion
mitel:mivoice_connectmitel mivoice connectlt19.3

CPE	Name	Operator	Version
mitel:mivoice_connect	mitel mivoice connect	lt	19.3

References

www.mitel.com/support/security-advisories

www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007

Social References

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2022-40765

prion1 nvd1 cisa_kev1 cvelist1 attackerkb1 cisa1 thn1