PT-2023-26868 · Mitel · Mitel Mivoice Connect

Jahmil Williams

Published

2023-09-14

Updated

2023-09-19

CVE-2023-39286

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through 9.6.2304.102

Description A vulnerability in the Connect Mobility Router component could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Recommendations For versions through 9.6.2304.102, update to a version that addresses the insufficient request validation issue in the Connect Mobility Router component to prevent Cross Site Request Forgery (CSRF) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-39286

Affected Products

Mitel Mivoice Connect

PT-2023-26868 · Mitel · Mitel Mivoice Connect

CVE-2023-39286

Weakness Enumeration

Related Identifiers

Affected Products

References · 4