CVE-2022-40765 - Mitel MiVoice Connect Command Injection Vulnerability
Project:Mitel
Product:MiVoice Connect
Date Added:2023-02-21Due Date:2023-03-14
Vulnerability Name
Mitel MiVoice Connect Command Injection Vulnerability
Description
The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007
https://nvd.nist.gov/vuln/detail/CVE-2022-40765