cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41713,https://securityvulnerability.io/vulnerability/CVE-2024-41713,Mitel NuPoint Unified Messaging (NPM) Vulnerability: Path Traversal Attack,"A path traversal vulnerability exists in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab due to insufficient input validation. An unauthenticated attacker who exploits it could gain unauthorized access and view, corrupt, or delete sensitive user data and system configuration. Organizations running affected versions should prioritize patching; the flaw is listed in CISA's Known Exploited Vulnerabilities catalog.",Mitel,Micollab,9.1,CRITICAL,0.95437,true,2025-01-07T00:00:00.000Z,true,false,true,2024-12-05T14:07:33.000Z,,true,false,,2024-10-21T21:15:00.000Z,3587
CVE-2024-30158,https://securityvulnerability.io/vulnerability/CVE-2024-30158,SQL Injection in Mitel MiCollab Web Conferencing Component (Administrative Privileges Required),"A SQL injection vulnerability exists in the web conferencing component of Mitel MiCollab through version 9.7.1.110. Because user input is insufficiently validated, an authenticated attacker with administrative privileges can inject SQL and perform unauthorized database operations and management actions, compromising the integrity and confidentiality of the system.",Mitel,Micollab,7.2,HIGH,0.00050,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30157,https://securityvulnerability.io/vulnerability/CVE-2024-30157,SQL Injection in Mitel MiCollab Suite Applications Services Component (Administrative Privileges Required),"A SQL injection vulnerability exists in the Suite Applications Services component of Mitel MiCollab through version 9.7.1.110. Because user input is inadequately validated, an authenticated attacker with administrative privileges can inject SQL and gain unauthorized database access, threatening data integrity and confidentiality. Organizations running Mitel MiCollab should apply the vendor patches promptly.",Mitel,Micollab,7.2,HIGH,0.00050,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-36446,https://securityvulnerability.io/vulnerability/CVE-2024-36446,Authentication Bypass in Mitel MiVoice MX-ONE Provisioning Manager,"The Provisioning Manager component of Mitel MiVoice MX-ONE through version 7.6 SP1 is susceptible to an authentication bypass due to improper access control. An authenticated attacker could bypass the authorization schema and gain unauthorized access to sensitive functionality and data within the system.",Mitel,Mivoice Mx-one,8.8,HIGH,0.00050,false,,false,false,false,,,false,false,,2024-08-13T00:00:00.000Z,0
CVE-2024-37569,https://securityvulnerability.io/vulnerability/CVE-2024-37569,Command Injection Vulnerability in Mitel 6869i Devices,"Mitel 6869i devices running firmware through 4.5.0.41 and 5.x through 5.0.0.1018 are vulnerable to command injection: the hostname parameter of the provis.html endpoint is not sanitized, and because the configured hostname is used in shell commands during system boot, an authenticated user who injects shell metacharacters into it can execute arbitrary commands as root. This amounts to remote code execution and full control over the device.",Mitel,6869i Sip Firmware,8.8,HIGH,0.00066,false,,false,false,false,,,false,false,,2024-06-09T20:15:00.000Z,0
CVE-2024-37570,https://securityvulnerability.io/vulnerability/CVE-2024-37570,Command Execution Vulnerability in Mitel 6869i 4.5.0.41 Devices via Manual Firmware Update Page,"Mitel 6869i devices running firmware 4.5.0.41 do not sanitize the username and path parameters of the Manual Firmware Update page. The unsanitized values are passed directly to the busybox ftpget command, so an authenticated user can achieve arbitrary command execution on the device.",Mitel,6869i Sip Firmware,8.8,HIGH,0.00049,false,,false,false,false,,,false,false,,2024-06-09T20:15:00.000Z,0
CVE-2023-39289,https://securityvulnerability.io/vulnerability/CVE-2023-39289,Account Enumeration Vulnerability in Mitel MiVoice Connect Router Component,"The Connect Mobility Router component of Mitel MiVoice Connect through version 9.6.2208.101 is misconfigured in a way that allows an unauthenticated attacker to perform account enumeration and obtain sensitive system information without authenticating.",Mitel,Mivoice Connect,7.5,HIGH,0.00158,false,,false,false,false,,,false,false,,2023-08-25T00:00:00.000Z,0
CVE-2023-39293,https://securityvulnerability.io/vulnerability/CVE-2023-39293,Command Injection Vulnerability in MiVoice Office 400 by Mitel,"A command injection vulnerability in the MiVoice Office 400 SMB Controller could allow an attacker to execute arbitrary commands in the context of the affected system, leading to unauthorized access. Administrators should review Mitel's security advisory and apply the mitigations.",Mitel,"Mivoice Office 400,Mivoice Office 400 Smb Controller Firmware",9.8,CRITICAL,0.00104,false,,false,false,false,,,false,false,,2023-08-14T00:00:00.000Z,0
CVE-2023-39292,https://securityvulnerability.io/vulnerability/CVE-2023-39292,SQL Injection Vulnerability in MiVoice Office 400 by Mitel,"A SQL injection vulnerability in MiVoice Office 400 SMB Controller version 1.2.5.23 allows an attacker to manipulate database queries, read sensitive information, and execute arbitrary commands within the database. Organizations using this product should apply the available mitigations promptly.",Mitel,"Mivoice Office 400,Mivoice Office 400 Smb Controller Firmware",9.8,CRITICAL,0.00137,false,,false,false,false,,,false,false,,2023-08-14T00:00:00.000Z,0
CVE-2023-32748,https://securityvulnerability.io/vulnerability/CVE-2023-32748,Improper Access Control in Mitel MiVoice Connect Linux DVS Server,"The Linux DVS server component of Mitel MiVoice Connect before version 19.3 SP2 (22.24.1500.0) enforces access control improperly, allowing an unauthenticated attacker with internal network access to execute arbitrary scripts. Administrators should apply the latest updates and review network segmentation around the server.",Mitel,Mivoice Connect,9.8,CRITICAL,0.00394,false,,false,false,false,,,false,false,,2023-08-14T00:00:00.000Z,0
CVE-2023-31459,https://securityvulnerability.io/vulnerability/CVE-2023-31459,Authorization Bypass in Mitel MiVoice Connect Router,"An authorization bypass exists in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier. Because the initial installation does not enforce a mandatory password change, an unauthenticated attacker with internal network access can gain administrative privileges and then execute arbitrary commands and change system configuration.",Mitel,Mivoice Connect,8.8,HIGH,0.00087,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-31457,https://securityvulnerability.io/vulnerability/CVE-2023-31457,Improper Access Control in Mitel MiVoice Connect Headquarters Server,"The Headquarters server component of Mitel MiVoice Connect enforces access control inadequately, which may allow an unauthenticated attacker with internal network access to execute arbitrary scripts. Sensitive functionality is thereby exposed to unauthorized users, enabling unauthorized actions or data breaches.",Mitel,Mivoice Connect,9.8,CRITICAL,0.00367,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-31460,https://securityvulnerability.io/vulnerability/CVE-2023-31460,Command Injection Vulnerability in MiVoice Connect by Mitel,"A command injection vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier allows an authenticated attacker with internal network access to manipulate URL parameters. Because those parameters are insufficiently restricted, the attacker can execute arbitrary commands and compromise the affected system.",Mitel,Mivoice Connect,7.2,HIGH,0.00130,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-31458,https://securityvulnerability.io/vulnerability/CVE-2023-31458,Privilege Escalation Vulnerability in Mitel MiVoice Connect Edge Gateway,"The Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier does not enforce a mandatory password change during initial installation. An attacker with internal network access could gain administrative access, make arbitrary configuration changes, and execute commands, compromising the entire system.",Mitel,Mivoice Connect,9.8,CRITICAL,0.00204,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-25599,https://securityvulnerability.io/vulnerability/CVE-2023-25599,Reflected Cross-Site Scripting Vulnerability in Mitel MiVoice Connect,"The conferencing component of Mitel MiVoice Connect through version 19.3 SP2 (22.24.1500.0) insufficiently validates input on the test_presenter.php page, allowing an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack and execute arbitrary script in the context of the affected user.",Mitel,Mivoice Connect,7.4,HIGH,0.00220,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-22854,https://securityvulnerability.io/vulnerability/CVE-2023-22854,File Download Vulnerability in Mitel MiContact Center Business Server,"The ccmweb component of Mitel MiContact Center Business Server versions 9.2.2.0 through 9.4.1.0 insufficiently validates URL parameters, which may allow an unauthenticated attacker to download arbitrary files and expose sensitive information. Organizations running vulnerable versions should apply the available security updates or restrict access to the affected component.",Mitel,Micontact Center Business,7.5,HIGH,0.00158,false,,false,false,false,,,false,false,,2023-02-13T00:00:00.000Z,0
CVE-2022-41326,https://securityvulnerability.io/vulnerability/CVE-2022-41326,Remote Code Execution Vulnerability in Mitel MiCollab Web Conferencing Component,"The web conferencing component of Mitel MiCollab through version 9.6.0.13 performs insufficient authorization checks, allowing an unauthenticated attacker to upload arbitrary scripts and potentially execute code remotely in the context of the application, gaining control over the affected system.",Mitel,Micollab,9.8,CRITICAL,0.00395,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-36453,https://securityvulnerability.io/vulnerability/CVE-2022-36453,Improper Authorization Vulnerability in Mitel MiCollab API,"The MiCollab Client API of Mitel MiCollab versions 9.1.3 through 9.5.0.101 enforces authorization insufficiently, allowing an authenticated attacker to modify profile parameters and take control of another user's extension number, enabling unauthorized actions within the communication system.",Mitel,Micollab,8.8,HIGH,0.00102,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-36451,https://securityvulnerability.io/vulnerability/CVE-2022-36451,Server-Side Request Forgery Vulnerability in Mitel MiCollab Client,"The server component of the MiCollab Client in Mitel MiCollab is vulnerable to server-side request forgery (SSRF): URL parameters are insufficiently restricted, so an authenticated attacker can make requests using the host server's connections and permissions and potentially reach resources they are not authorized to access. Update to a fixed version.",Mitel,Micollab,8.8,HIGH,0.00102,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-36452,https://securityvulnerability.io/vulnerability/CVE-2022-36452,File Upload Vulnerability in Mitel MiCollab Web Conferencing Component,"The web conferencing component of Mitel MiCollab allows an unauthenticated attacker to upload malicious files, which could lead to arbitrary code execution within the application. Organizations running affected versions should apply the vendor's fix.",Mitel,Micollab,9.8,CRITICAL,0.00272,false,,false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0
CVE-2022-31784,https://securityvulnerability.io/vulnerability/CVE-2022-31784,Buffer Overflow Vulnerability in MiVoice Business by Mitel,"The management interface of Mitel MiVoice Business and MiVoice Business Express inadequately validates URL parameters, allowing an unauthenticated attacker with network access to trigger a buffer overflow that could lead to arbitrary code execution. Affected users should patch and review the network exposure of the management interface.",Mitel,"Mivoice Business,Mivoice Business Express",9.8,CRITICAL,0.00354,false,,false,false,false,,,false,false,,2022-06-17T11:43:09.000Z,0
CVE-2022-29499,https://securityvulnerability.io/vulnerability/CVE-2022-29499,Remote Code Execution Vulnerability in Mitel MiVoice Connect Products,"The Service Appliance component of Mitel MiVoice Connect (SA 100, SA 400, and Virtual SA) validates data incorrectly, allowing remote code execution on affected devices. Update to the latest software versions promptly; this flaw has been exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities catalog.",Mitel,Mivoice Connect,9.8,CRITICAL,0.02370,true,2022-06-27T00:00:00.000Z,false,true,true,2022-06-27T00:00:00.000Z,,false,false,,2022-04-26T01:13:58.000Z,0
CVE-2022-26143,https://securityvulnerability.io/vulnerability/CVE-2022-26143,Remote Information Disclosure and Denial of Service in Mitel MiCollab and MiVoice Business Express,"The TP-240 component of Mitel MiCollab and MiVoice Business Express allows a remote attacker to obtain sensitive information and cause a denial of service through performance degradation and excessive outbound traffic. The component can be abused as a reflector for traffic amplification attacks, and it was exploited in the wild in February and March 2022 in the TP240PhoneHome DDoS campaign.",Mitel,"Micollab,Mivoice Business Express",9.8,CRITICAL,0.30903,true,2022-03-25T00:00:00.000Z,false,false,true,2022-03-25T00:00:00.000Z,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2021-3352,https://securityvulnerability.io/vulnerability/CVE-2021-3352,Improper Token Handling in Mitel MiContact Center Business,"The Software Development Kit of Mitel MiContact Center Business versions 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 handles authentication tokens improperly, allowing an unauthenticated attacker to view and modify user data without authorization, threatening user privacy and data integrity.",Mitel,Micontact Center Business,9.1,CRITICAL,0.00178,false,,false,false,false,,,false,false,,2021-08-13T15:35:14.000Z,0
CVE-2021-32071,https://securityvulnerability.io/vulnerability/CVE-2021-32071,Improper Access Control Vulnerability in Mitel MiCollab Client Service,"The MiCollab Client service of Mitel MiCollab before version 9.3 enforces access control improperly, allowing an unauthorized user to access the system, view and potentially manipulate application data, and cause a denial of service for legitimate users.",Mitel,Micollab,9.8,CRITICAL,0.00204,false,,false,false,false,,,false,false,,2021-08-13T15:31:56.000Z,0
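The export above is plain CSV: description fields may span several lines inside their quotes, the products column packs several names into one quoted field, and the signals that actually drive patch priority (cisa, exploited, poc, epss) arrive as strings. The following Python is an added example, not code from securityvulnerability.io or Mitel, that loads such an export with the standard csv module, rejects structurally broken rows (for instance a row whose multi-line description was written without quotes, which splits one record into two), and ranks the CVEs. The sample rows are constructed here (abridged versions of rows in the table, same column layout), and the tiering rule (KEV-listed or exploited first, then public PoC or EPSS of at least 0.10, then CVSS critical) is an assumption chosen for illustration.

```python
"""Triage a securityvulnerability.io-style CVE CSV export.

Added example, not code from securityvulnerability.io. The priority tiers
are an assumption chosen here, not the feed's own scoring.
"""
import csv
import io
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

HEADER = ("cve,link,title,description,vendor,products,score,severity,epss,"
          "cisa,cisa_published,article,ransomware,exploited,exploited_date,"
          "poc,trended,trended_no_1,trended_no_1_date,published,trended_score\n")

# Constructed sample in the export's column layout. The first description
# deliberately spans two lines inside its quotes, as the real export does.
SAMPLE_CSV = HEADER + (
    'CVE-2024-41713,https://securityvulnerability.io/vulnerability/CVE-2024-41713,'
    'NuPoint path traversal,"Unauthenticated path traversal in NuPoint Unified Messaging.\n'
    'Second line of the same quoted field.",Mitel,Micollab,9.1,CRITICAL,0.95437,'
    'true,2025-01-07T00:00:00.000Z,true,false,true,2024-12-05T14:07:33.000Z,,'
    'true,false,,2024-10-21T21:15:00.000Z,3587\n'
    'CVE-2022-26143,https://securityvulnerability.io/vulnerability/CVE-2022-26143,'
    'TP-240 amplification,"Remote information disclosure and DoS.",Mitel,'
    '"Micollab,Mivoice Business Express",9.8,CRITICAL,0.30903,true,'
    '2022-03-25T00:00:00.000Z,false,false,true,2022-03-25T00:00:00.000Z,,'
    'false,false,,2022-03-10T17:47:00.000Z,0\n'
    'CVE-2022-41326,https://securityvulnerability.io/vulnerability/CVE-2022-41326,'
    'Web conferencing RCE,"Unauthenticated script upload.",Mitel,Micollab,9.8,'
    'CRITICAL,0.00395,false,,false,false,false,,,false,false,,'
    '2022-11-22T00:00:00.000Z,0\n'
    'CVE-2024-30158,https://securityvulnerability.io/vulnerability/CVE-2024-30158,'
    'Admin SQLi,"Authenticated administrative SQL injection.",Mitel,Micollab,7.2,'
    'HIGH,0.00050,false,,false,false,false,,,false,false,,'
    '2024-10-21T21:15:00.000Z,0\n'
    'CVE-2022-36451,https://securityvulnerability.io/vulnerability/CVE-2022-36451,'
    'Client SSRF,"Authenticated SSRF.",Mitel,Micollab,8.8,HIGH,0.00102,false,,'
    'false,false,false,,,false,false,,2022-10-25T00:00:00.000Z,0\n'
)

# Constructed: mirrors a defect seen in raw exports of this feed, where a
# multi-line description is not quoted, so the newline ends the record early.
MALFORMED_CSV = HEADER + (
    'CVE-2023-31459,https://securityvulnerability.io/vulnerability/CVE-2023-31459,'
    'Authorization bypass,A vulnerability exists in the Connect Mobility Router.\n'
    'Exploiting it grants administrative privileges.,Mitel,Mivoice Connect,8.8,HIGH,'
    '0.00087,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0\n'
)


@dataclass
class Record:
    cve: str
    title: str
    products: list
    score: float
    severity: str
    epss: float
    in_kev: bool
    exploited: bool
    poc: bool
    published: Optional[datetime]
    description: str


def _bool(s: Optional[str]) -> bool:
    return (s or "").strip().lower() == "true"


def _float(s: Optional[str]) -> float:
    try:
        return float(s)
    except (TypeError, ValueError):
        return 0.0


def _ts(s: Optional[str]) -> Optional[datetime]:
    s = (s or "").strip()
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ") if s else None


def load_records(text: str):
    """Parse the export; return (records, rejected_rows)."""
    records, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        cve = (row.get("cve") or "").strip()
        # A short row leaves None values; a long row adds a None key. Either
        # means the record boundary was lost, so do not trust the fields.
        if None in row or None in row.values() or not CVE_RE.match(cve):
            rejected.append(row)
            continue
        records.append(Record(
            cve=cve, title=row["title"],
            products=[p.strip() for p in row["products"].split(",") if p.strip()],
            score=_float(row["score"]), severity=row["severity"].upper(),
            epss=_float(row["epss"]), in_kev=_bool(row["cisa"]),
            exploited=_bool(row["exploited"]), poc=_bool(row["poc"]),
            published=_ts(row["published"]), description=row["description"]))
    return records, rejected


def priority(r: Record) -> int:
    """Tier 1 = KEV or known exploited, 2 = PoC or EPSS >= 0.10, 3 = critical."""
    if r.in_kev or r.exploited:
        return 1
    if r.poc or r.epss >= 0.10:
        return 2
    if r.severity == "CRITICAL" or r.score >= 9.0:
        return 3
    return 4


def triage(text: str):
    """Return [(cve, tier)] ordered by tier, then EPSS, then CVSS."""
    records, _ = load_records(text)
    records.sort(key=lambda r: (priority(r), -r.epss, -r.score))
    return [(r.cve, priority(r)) for r in records]


if __name__ == "__main__":
    for cve, tier in triage(SAMPLE_CSV):
        print(f"P{tier} {cve}")
    _, bad = load_records(MALFORMED_CSV)
    print(f"rejected {len(bad)} malformed row(s)")
```

The row rejection matters more than it looks: a single unquoted multi-line description silently turns one record into two, and the second half would otherwise be parsed with its severity and EPSS columns shifted into the wrong fields. Rejecting anything whose cve column does not look like a CVE identifier, or whose field count is off, keeps the ranking honest.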