CVE-2022-41223 - Mitel MiVoice Connect Code Injection Vulnerability
Project:Mitel
Product:MiVoice Connect
Date Added:2023-02-21Due Date:2023-03-14
Vulnerability Name
Mitel MiVoice Connect Code Injection Vulnerability
Description
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008
https://nvd.nist.gov/vuln/detail/CVE-2022-41223