CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-41223

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.038

EPSS Ranking 87.6%

CVSS Severity

CVSS v3 Score 6.8

Proposed Action

The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

Ransomware Campaign

Known

References

https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008

Products affected by CVE-2022-41223

Mitel » Mivoice Connect » Version: N/A

cpe:2.3:a:mitel:mivoice_connect:-
Mitel » Mivoice Connect » Version: 19.1

cpe:2.3:a:mitel:mivoice_connect:19.1
Mitel » Mivoice Connect » Version: 19.3

cpe:2.3:a:mitel:mivoice_connect:19.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41223

Products

Pricing

Contact Us