CVE-2023-39286

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through 9.6.2304.102

Description A vulnerability in the Connect Mobility Router component could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Recommendations For versions through 9.6.2304.102, update to a version that addresses the insufficient request validation issue in the Connect Mobility Router component to prevent Cross Site Request Forgery (CSRF) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.