CVE-2023-39287

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through 19.3 SP3 (22.24.5800.0)

Description A vulnerability in the Edge Gateway component could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.

Recommendations For Mitel MiVoice Connect versions through 19.3 SP3 (22.24.5800.0), consider disabling the Edge Gateway component until a patch is available to prevent command argument injection attacks. Restrict internal network access to minimize the risk of exploitation. Avoid using the Edge Gateway component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.