PT-2022-25738 · Mitel · Mivoice Connect
Patrick Bennett
·
Published
2022-11-22
·
Updated
2023-02-22
·
CVE-2022-41223
CVSS v3.1
6.8
Medium
| Vector | AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MiVoice Connect versions through 19.3 (22.22.6100.0)
Description
The issue allows an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type in the Director database component.
Recommendations
For MiVoice Connect versions through 19.3 (22.22.6100.0), at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mivoice Connect