PT-2022-3270 · Mitel+1 · Mitel Mivoice Connect+2

Patrick Bennett · Published 2022-04-25 · Updated 2025-11-03 · CVE-2022-29499

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Mitel MiVoice Connect versions prior to 19.2 SP3

Description

The issue is related to incorrect data validation in the Service Appliance component, allowing remote code execution. This vulnerability has been exploited in real-world incidents, including ransomware attacks. The exploitation involves sending two GET requests, with the first request using the get url parameter to access a local file on the device, and the second request leading to the exploitation. The attackers have used this vulnerability to create a reverse shell and load tools such as Chisel for further exploitation. It is estimated that a significant number of devices may be affected, but the exact number is not specified.

Recommendations

For Mitel MiVoice Connect versions prior to 19.2 SP3, update to a version that includes the security fix for this issue. As a temporary workaround, consider restricting access to the Service Appliance component to minimize the risk of exploitation. Additionally, users should ensure that their devices are properly configured and isolated from critical assets to prevent further exploitation. It is also recommended to limit access to hosts and servers, such as ESXi and vCenter, as much as possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability, so it is crucial to follow the provided recommendations to mitigate the risk.
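The request pattern in the description can be hunted for in the appliance's web access logs. The sketch below is an added example, not code from this advisory or from Mitel. It assumes the "get url" parameter appears as the query key `get_url`, that "local" means a `file:` URL, a bare path or a loopback host, and that logs use the common log format; the paths and addresses in the sample lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "get_url"  # assumption: the advisory's "get url" parameter as a query key
# Assumption: common/combined access-log format on the appliance's web server.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def is_local_reference(value):
    """True when the value names a resource on the device itself."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return False
    if parts.scheme.lower() == "file":
        return True
    if not parts.scheme and not parts.netloc and value.startswith("/"):
        return True             # bare absolute filesystem path
    host = (parts.hostname or "").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname or empty string, not an IP literal
        return False

def find_suspicious(lines):
    """Return (source address, decoded parameter value) for each flagged GET."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        query = m.group("target").partition("?")[2]
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if is_local_reference(value):
                hits.append((m.group("src"), value))
    return hits

# Constructed sample lines; paths, hosts and addresses are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2022:10:00:05 +0000] "GET /placeholder.php?get_url=file%3A%2F%2F%2Fetc%2Fhosts HTTP/1.1" 200 88',
    '203.0.113.9 - - [01/Mar/2022:10:00:06 +0000] "GET /placeholder.php?get_url=http%3A%2F%2F127.0.0.1%2Fplaceholder HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Mar/2022:10:00:09 +0000] "GET /placeholder.php?get_url=https%3A%2F%2Fupdates.example.com%2Fa HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for src, value in find_suspicious(SAMPLE_LOG):
        print(f"{src}: {PARAM} points at a local resource: {value}")
```

A hit only shows that a request of this shape reached the web server; correlate the source address with outbound connections and new processes on the appliance before concluding it was compromised.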

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2022-03994
CVE-2022-29499

Affected Products

Esxi
Mitel Mivoice Connect
Vcenter