Skip to main content

Mivoice Connect CVE-2022-40765

MEDIUM
Command Injection (CWE-77)
2022-11-22 cve@mitre.org
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Nov 22, 2022 - 01:15 nvd
MEDIUM 6.8

DescriptionNVD

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

AnalysisAI

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. Affected products include: Mitel Mivoice Connect. Version information: through 19.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2018-3639 MEDIUM POC
5.5 May 22

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres

CVE-2023-32748 CRITICAL
9.8 Aug 14

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated a

CVE-2023-31458 CRITICAL
9.8 May 24

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier coul

CVE-2023-31457 CRITICAL
9.8 May 24

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earli

CVE-2022-29499 CRITICAL
9.8 Apr 26

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorr

CVE-2020-10211 CRITICAL
9.8 Apr 17

A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthent

CVE-2023-31459 HIGH
8.8 May 24

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier coul

CVE-2023-39289 HIGH
7.5 Aug 25

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an un

CVE-2023-25599 HIGH
7.4 May 24

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an una

CVE-2023-31460 HIGH
7.2 May 24

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allo

CVE-2022-41223 MEDIUM
6.8 Nov 22

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to

CVE-2018-9102 MEDIUM
6.5 Apr 25

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earli

Share

CVE-2022-40765 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy