cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-39285,https://securityvulnerability.io/vulnerability/CVE-2023-39285,Cross Site Request Forgery Vulnerability in Mitel MiVoice Connect,"A Cross Site Request Forgery vulnerability exists in the Edge Gateway component of Mitel MiVoice Connect, allowing unauthorized attackers to exploit insufficient request validation. This vulnerability facilitates attackers to manipulate system configurations by delivering modified URLs, potentially putting sensitive systems at risk.",Mitel,Mivoice Connect,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-09-14T00:00:00.000Z,0
CVE-2023-39291,https://securityvulnerability.io/vulnerability/CVE-2023-39291,Information Disclosure Vulnerability in MiVoice Connect by Mitel,"A vulnerability exists in the Connect Mobility Router component of MiVoice Connect that could enable authenticated attackers with elevated permissions to execute an information disclosure attack. This vulnerability is linked to improper configuration within the system, which, if successfully exploited, could expose critical system information. Users of MiVoice Connect version 9.6.2304.102 are advised to review system configurations and apply necessary mitigations to safeguard against potential data breaches.",Mitel,Mivoice Connect,4.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-08-25T00:00:00.000Z,0
CVE-2023-39287,https://securityvulnerability.io/vulnerability/CVE-2023-39287,Command Argument Injection Vulnerability in Mitel MiVoice Connect Edge Gateway,"A vulnerability exists in the Edge Gateway of Mitel's MiVoice Connect, impacting versions through 19.3 SP3. This flaw allows authenticated users with elevated privileges and access to the internal network to execute command argument injection attacks, resulting from inadequate sanitization of input parameters. An attacker exploiting this vulnerability could potentially access sensitive network details and induce excessive network traffic, affecting overall system performance.",Mitel,Mivoice Connect,5.5,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-08-25T00:00:00.000Z,0
CVE-2023-39288,https://securityvulnerability.io/vulnerability/CVE-2023-39288,Command Argument Injection Vulnerability in Mitel MiVoice Connect Router,"A security flaw in the Connect Mobility Router component of Mitel MiVoice Connect up to version 9.6.2304.102 permits an authenticated user with elevated privileges, who is located within the internal network, to exploit insufficient parameter sanitization, enabling command argument injection. This vulnerability could allow attackers to gain unauthorized access to sensitive network information and potentially generate excessive traffic, disrupting normal network operations.",Mitel,Mivoice Connect,5.5,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-08-25T00:00:00.000Z,0
CVE-2023-39289,https://securityvulnerability.io/vulnerability/CVE-2023-39289,Account Enumeration Vulnerability in Mitel MiVoice Connect Router Component,"The Connect Mobility Router of Mitel MiVoice Connect versions up to 9.6.2208.101 is vulnerable due to improper configuration, allowing unauthenticated attackers to perform account enumeration attacks. An exploit may enable attackers to access sensitive system information without authentication, posing significant security risks.",Mitel,Mivoice Connect,7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2023-08-25T00:00:00.000Z,0
CVE-2023-39290,https://securityvulnerability.io/vulnerability/CVE-2023-39290,Information Disclosure Vulnerability in Mitel MiVoice Connect Edge Gateway,"An authentication-related vulnerability exists in the Edge Gateway component of Mitel MiVoice Connect that allows an authenticated attacker with elevated privileges to perform information disclosure attacks. This issue is rooted in improper configuration, which may permit the attacker to gain access to sensitive system information, potentially leading to further exploitation.",Mitel,Mivoice Connect,4.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-08-25T00:00:00.000Z,0
CVE-2023-32748,https://securityvulnerability.io/vulnerability/CVE-2023-32748,Improper Access Control in Mitel MiVoice Connect Linux DVS Server,"The Linux DVS server component of Mitel MiVoice Connect, prior to version 19.3 SP2 (22.24.1500.0), is susceptible to an improper access control vulnerability. An attacker with access to the internal network could potentially exploit this flaw to execute arbitrary scripts without requiring authentication, thereby compromising the security of the system. It is essential for administrators to apply the latest updates and assess their network configurations to mitigate this risk.",Mitel,Mivoice Connect,9.8,CRITICAL,0.00394000019878149,false,,false,false,false,,,false,false,,2023-08-14T00:00:00.000Z,0
CVE-2023-31458,https://securityvulnerability.io/vulnerability/CVE-2023-31458,Privilege Escalation Vulnerability in Mitel MiVoice Connect Edge Gateway,"The vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier allows an attacker with internal network access to exploit the system due to the initial installation process not enforcing a mandatory password change. This oversight could lead to unauthorized administrative access, enabling the attacker to perform arbitrary configuration changes and execute commands at will, potentially compromising the integrity and security of the entire system.",Mitel,Mivoice Connect,9.8,CRITICAL,0.00203999993391335,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-31460,https://securityvulnerability.io/vulnerability/CVE-2023-31460,Command Injection Vulnerability in MiVoice Connect by Mitel,"A command injection vulnerability exists in the Connect Mobility Router component of MiVoice Connect. This flaw affects versions 9.6.2208.101 and earlier, allowing an authenticated attacker with internal network access to manipulate URL parameters. Insufficient restrictions on these parameters can lead to unauthorized execution of arbitrary commands, potentially compromising the integrity and security of the affected system.",Mitel,Mivoice Connect,7.2,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-25599,https://securityvulnerability.io/vulnerability/CVE-2023-25599,Reflected Cross-Site Scripting Vulnerability in Mitel MiVoice Connect,"A vulnerability exists in the conferencing component of Mitel MiVoice Connect versions 19.3 SP2 and 22.24.1500.0, enabling unauthenticated attackers to perform reflected cross-site scripting (XSS) attacks. This vulnerability arises due to insufficient input validation on the test_presenter.php page. If successfully exploited, it permits an attacker to execute arbitrary scripts within the context of the affected user, posing a significant security risk.",Mitel,Mivoice Connect,7.4,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-31459,https://securityvulnerability.io/vulnerability/CVE-2023-31459,Authorization Bypass in Mitel MiVoice Connect Router,A vulnerability exists in the Connect Mobility Router component of Mitel's MiVoice Connect. Versions 9.6.2208.101 and earlier are susceptible to an authorization bypass. The flaw allows an unauthenticated attacker with access to the internal network to gain administrative privileges due to the initial installation's failure to enforce a mandatory password change. Exploiting this vulnerability potentially grants the attacker the ability to execute arbitrary commands and change crucial system configurations.,Mitel,Mivoice Connect,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-25598,https://securityvulnerability.io/vulnerability/CVE-2023-25598,Reflected Cross-Site Scripting Vulnerability in Mitel MiVoice Connect,"A vulnerability in the conferencing component of Mitel MiVoice Connect can allow an unauthenticated attacker to execute a reflected XSS attack. This occurs due to inadequate validation for the home.php page, enabling the possibility of executing arbitrary scripts. This security issue affects multiple versions of Mitel MiVoice Connect, posing risks to users if unpatched.",Mitel,Mivoice Connect,6.1,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2023-31457,https://securityvulnerability.io/vulnerability/CVE-2023-31457,Improper Access Control in Mitel MiVoice Connect Headquarters Server,"A vulnerability exists in the Headquarters server component of Mitel MiVoice Connect that may allow an unauthenticated attacker with access to the internal network to execute arbitrary scripts. This issue arises from inadequate access control measures, which can expose sensitive functionalities to unauthorized users, potentially leading to unauthorized actions or data breaches.",Mitel,Mivoice Connect,9.8,CRITICAL,0.0036700000055134296,false,,false,false,false,,,false,false,,2023-05-24T00:00:00.000Z,0
CVE-2022-40765,https://securityvulnerability.io/vulnerability/CVE-2022-40765,Command Injection Vulnerability in Mitel MiVoice Connect,"A vulnerability exists in the Edge Gateway component of Mitel MiVoice Connect version 19.3, which allows authenticated attackers with internal network access to perform command injection attacks. This occurs due to inadequate restrictions on URL parameters, potentially leading to unauthorized command execution.",Mitel,Mivoice Connect,6.8,MEDIUM,0.0016799999866634607,true,2023-02-21T00:00:00.000Z,false,true,true,2023-02-21T00:00:00.000Z,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-41223,https://securityvulnerability.io/vulnerability/CVE-2022-41223,Code Injection Vulnerability in MiVoice Connect Database Component by Mitel,"The database component of MiVoice Connect versions up to 19.3 (22.22.6100.0) is susceptible to a code injection attack due to inadequate restrictions on the types of data that can be processed. Authenticated users may exploit this vulnerability by sending deliberately crafted data, potentially compromising the integrity and confidentiality of the system. It is crucial for users of affected versions to apply security updates and implement appropriate security measures.",Mitel,Mivoice Connect,6.8,MEDIUM,0.0017000000225380063,true,2023-02-21T00:00:00.000Z,false,true,true,2023-02-21T00:00:00.000Z,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-29499,https://securityvulnerability.io/vulnerability/CVE-2022-29499,Remote Code Execution Vulnerability in Mitel MiVoice Connect Products,"A vulnerability exists in the Service Appliance component of Mitel MiVoice Connect that allows for remote code execution due to improper data validation. This flaw can be exploited by an attacker to execute malicious code remotely on affected devices, including SA 100, SA 400, and the Virtual SA. Users are encouraged to update to the latest software versions promptly to mitigate this risk.",Mitel,Mivoice Connect,9.8,CRITICAL,0.02370000071823597,true,2022-06-27T00:00:00.000Z,false,true,true,2022-06-27T00:00:00.000Z,,false,false,,2022-04-26T01:13:58.000Z,0
CVE-2020-12456,https://securityvulnerability.io/vulnerability/CVE-2020-12456,,"A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client.",Mitel,Mivoice Connect,8.8,HIGH,0.02175999991595745,false,,false,false,false,,,false,false,,2020-08-26T18:07:29.000Z,0
CVE-2020-12679,https://securityvulnerability.io/vulnerability/CVE-2020-12679,,A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.,Mitel,"Shoretel Conference Web,Mivoice Connect",6.1,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2020-05-07T16:36:31.000Z,0
CVE-2020-10377,https://securityvulnerability.io/vulnerability/CVE-2020-10377,,A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials.,Mitel,"Mivoice Connect Client,Mivoice Connect",9.8,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-04-17T12:31:49.000Z,0
CVE-2020-10211,https://securityvulnerability.io/vulnerability/CVE-2020-10211,,A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.,Mitel,"Mivoice Connect Client,Mivoice Connect",9.8,CRITICAL,0.0129399998113513,false,,false,false,false,,,false,false,,2020-04-17T12:31:02.000Z,0
CVE-2018-9104,https://securityvulnerability.io/vulnerability/CVE-2018-9104,,"A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts.",Mitel,"St 14.2,Mivoice Connect",6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-04-25T20:00:00.000Z,0
CVE-2018-9103,https://securityvulnerability.io/vulnerability/CVE-2018-9103,,"A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.",Mitel,"St 14.2,Mivoice Connect",6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-04-25T20:00:00.000Z,0
CVE-2018-9102,https://securityvulnerability.io/vulnerability/CVE-2018-9102,,"A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.",Mitel,"St 14.2,Mivoice Connect",6.5,MEDIUM,0.0017600000137463212,false,,false,false,false,,,false,false,,2018-04-25T20:00:00.000Z,0
CVE-2018-9101,https://securityvulnerability.io/vulnerability/CVE-2018-9101,,"A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.",Mitel,"St 14.2,Mivoice Connect",6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-04-25T20:00:00.000Z,0