CVE-2023-39288

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through 9.6.2304.102

Description A vulnerability in the Connect Mobility Router component could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.

Recommendations For Mitel MiVoice Connect versions through 9.6.2304.102, consider updating to a version that addresses the command argument injection issue in the Connect Mobility Router component to prevent exploitation. As a temporary workaround, restrict internal network access and ensure that only authorized personnel have elevated privileges to minimize the risk of exploitation.