6.8
CVE-2022-40765
- EPSS 2.95%
- Veröffentlicht 22.11.2022 01:15:31
- Zuletzt bearbeitet 04.02.2025 14:52:50
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitel ≫ Mivoice Connect Version < 19.3
Mitel ≫ Mivoice Connect Version19.3 Update-
21.02.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Mitel MiVoice Connect Command Injection Vulnerability
SchwachstelleThe Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.95% | 0.86 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.