PT-2023-26872 · Mitel · Mitel Mivoice Connect

Jahmil Williams

Publicado

2023-08-25

Atualizado

2023-08-31

CVE-2023-39290

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through R19.3 SP3 (22.24.5800.0)

Description A vulnerability in the Edge Gateway component could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.

Recommendations For versions through R19.3 SP3 (22.24.5800.0), consider updating to a version later than R19.3 SP3 (22.24.5800.0) to resolve the issue. As a temporary workaround, restrict access to the Edge Gateway component to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-39290

Produtos afetados

Mitel Mivoice Connect

PT-2023-26872 · Mitel · Mitel Mivoice Connect

CVE-2023-39290

Identificadores relacionados

Produtos afetados

Referências · 10