CVE-2023-39285

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through 19.3 SP3 (22.24.5800.0)

Description A vulnerability in the Edge Gateway component could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Recommendations For versions through 19.3 SP3 (22.24.5800.0), consider implementing additional validation for incoming requests to prevent CSRF attacks. As a temporary workaround, restrict access to system configuration settings until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.