PT-2023-18730 · Mitel · Mitel Micontact Center Business

Publicado

2023-02-13

Atualizado

2025-03-21

CVE-2023-22854

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Mitel MiContact Center Business server versions 9.2.2.0 through 9.4.1.0

Description The ccmweb component could allow an unauthenticated attacker to download arbitrary files due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

Recommendations For versions 9.2.2.0 through 9.4.1.0, consider restricting access to the ccmweb component until a patch is available. As a temporary workaround, limit the use of URL parameters to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-839

Identificadores relacionados

CVE-2023-22854

Produtos afetados

Mitel Micontact Center Business

PT-2023-18730 · Mitel · Mitel Micontact Center Business

CVE-2023-22854

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7