Skip to main content

Mivoice Connect CVE-2023-31460

HIGH
Command Injection (CWE-77)
2023-05-24 cve@mitre.org
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 24, 2023 - 20:15 nvd
HIGH 7.2

DescriptionNVD

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters.

AnalysisAI

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. Affected products include: Mitel Mivoice Connect.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2018-3639 MEDIUM POC
5.5 May 22

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres

CVE-2023-32748 CRITICAL
9.8 Aug 14

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated a

CVE-2023-31458 CRITICAL
9.8 May 24

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier coul

CVE-2023-31457 CRITICAL
9.8 May 24

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earli

CVE-2022-29499 CRITICAL
9.8 Apr 26

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorr

CVE-2020-10211 CRITICAL
9.8 Apr 17

A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthent

CVE-2023-31459 HIGH
8.8 May 24

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier coul

CVE-2023-39289 HIGH
7.5 Aug 25

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an un

CVE-2023-25599 HIGH
7.4 May 24

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an una

CVE-2022-41223 MEDIUM
6.8 Nov 22

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to

CVE-2022-40765 MEDIUM
6.8 Nov 22

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authen

CVE-2018-9102 MEDIUM
6.5 Apr 25

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earli

Share

CVE-2023-31460 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy