CVE-2023-31459

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions 9.6.2208.101 and earlier

Description A vulnerability in the Connect Mobility Router component could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges. This is because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

Recommendations For Mitel MiVoice Connect versions 9.6.2208.101 and earlier, ensure that a strong password is set for administrative access after the initial installation to prevent unauthorized access. Consider changing the default password to a unique and complex one to minimize the risk of exploitation.