Skip to main content

Mivoice Office 400

3 CVEs product

Monthly

CVE-2023-39293 CRITICAL Act Now

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Mivoice Office 400 Mivoice Office 400 Smb Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-39292 CRITICAL Act Now

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Mivoice Office 400 Mivoice Office 400 Smb Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2018-16226 MEDIUM This Month

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Mivoice Office 400
NVD
CVSS 3.0
6.1
EPSS
1.1%
EPSS 1% CVSS 9.8
CRITICAL Act Now

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Mivoice Office 400 +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Mivoice Office 400 +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Mivoice Office 400
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy