Mitel · Mitel Mivoice Connect · CVE-2022-40765
**Name of the Vulnerable Software and Affected Versions**
Mitel MiVoice Connect versions through 19.3 (22.22.6100.0)
**Description**
A vulnerability in the Edge Gateway component could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
**Recommendations**
For Mitel MiVoice Connect versions through 19.3 (22.22.6100.0), consider restricting access to the Edge Gateway component until a patch is available. As a temporary workaround, restrict the use of URL parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.