CVE-2023-32748

EPSS 0.35%
Published 14.08.2023 18:15:10
Last modified 21.11.2024 08:03:57
Source cve@mitre.org
Teams watchlist Login
Open Login

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mitel ≫ Mivoice Connect Version <= 22.24.1500.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.565

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.mitel.com/support/security-advisories

Vendor Advisory

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32748

EUVD