CVE-2023-32748

EPSS 0.9%
Veröffentlicht 14.08.2023 18:15:10
Zuletzt bearbeitet 21.11.2024 08:03:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitel ≫ Mivoice Connect Version <= 22.24.1500.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.55

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.mitel.com/support/security-advisories

Vendor Advisory

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32748

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-32748