PT-2023-2914 · Mitel · Mitel MiVoice Connect
Jahmil Williams
Published: 2023-05-17 · Updated: 2023-06-01
CVE-2023-31458
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier
Description
A vulnerability in the Edge Gateway component could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Recommendations
For versions 19.3 SP2 (22.24.1500.0) and earlier, ensure that a strong password is set for administrative access after initial installation to prevent exploitation.
As a temporary workaround, consider restricting access to the Edge Gateway component until a patch is available.
Avoid using default or weak passwords for administrative accounts in the affected versions.
Fix
Improper Access Control
Related Identifiers
Affected Products
Mitel MiVoice Connect