CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-39285

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.4%

CVSS Severity

CVSS v3 Score 4.3

References

Products affected by CVE-2023-39285

Mitel » Mivoice Connect » Version: N/A

cpe:2.3:a:mitel:mivoice_connect:-
Mitel » Mivoice Connect » Version: 19.1

cpe:2.3:a:mitel:mivoice_connect:19.1
Mitel » Mivoice Connect » Version: 19.3

cpe:2.3:a:mitel:mivoice_connect:19.3
Mitel » Mivoice Connect » Version: 21.84.5535.0

cpe:2.3:a:mitel:mivoice_connect:21.84.5535.0
Mitel » Mivoice Connect » Version: 21.90.9743.0

cpe:2.3:a:mitel:mivoice_connect:21.90.9743.0
Mitel » Mivoice Connect » Version: 22.20.2300.0

cpe:2.3:a:mitel:mivoice_connect:22.20.2300.0
Mitel » Mivoice Connect » Version: 22.24.1500.0

cpe:2.3:a:mitel:mivoice_connect:22.24.1500.0
Mitel » Mivoice Connect » Version: 22.24.6900.0

cpe:2.3:a:mitel:mivoice_connect:22.24.6900.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-39285

Products

Pricing

Contact Us