CVE-2023-32748

EPSS 0.35%
Veröffentlicht 14.08.2023 18:15:10
Zuletzt bearbeitet 21.11.2024 08:03:57
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitel ≫ Mivoice Connect Version <= 22.24.1500.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.565

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.mitel.com/support/security-advisories

Vendor Advisory

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32748

EUVD