Filtered by vendor Mitel
Subscriptions
Total
131 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-39288 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 5.5 Medium |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. | ||||
CVE-2023-39287 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 5.5 Medium |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. | ||||
CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2024-11-21 | 4.3 Medium |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | ||||
CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 4.3 Medium |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | ||||
CVE-2023-32748 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 9.8 Critical |
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | ||||
CVE-2023-31460 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 7.2 High |
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | ||||
CVE-2023-31459 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 8.8 High |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | ||||
CVE-2023-31458 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 9.8 Critical |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | ||||
CVE-2023-31457 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 9.8 Critical |
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | ||||
CVE-2023-25599 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 7.4 High |
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
CVE-2023-25598 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 6.1 Medium |
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
CVE-2023-25597 | 1 Mitel | 1 Micollab | 2024-11-21 | 5.9 Medium |
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. | ||||
CVE-2023-22854 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 7.5 High |
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. | ||||
CVE-2022-41326 | 1 Mitel | 1 Micollab | 2024-11-21 | 9.8 Critical |
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | ||||
CVE-2022-41223 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 6.8 Medium |
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | ||||
CVE-2022-40765 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 6.8 Medium |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | ||||
CVE-2022-36454 | 1 Mitel | 1 Micollab | 2024-11-21 | 6.5 Medium |
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. | ||||
CVE-2022-36453 | 1 Mitel | 1 Micollab | 2024-11-21 | 8.8 High |
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | ||||
CVE-2022-36452 | 1 Mitel | 1 Micollab | 2024-11-21 | 9.8 Critical |
A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | ||||
CVE-2022-36451 | 1 Mitel | 1 Micollab | 2024-11-21 | 8.8 High |
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. |