CVE-2023-25598

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions through 19.3 SP2 Mitel MiVoice Connect versions 20.x Mitel MiVoice Connect versions 21.x Mitel MiVoice Connect versions 22.x through 22.24.1500.0

Description The issue is related to insufficient validation for the home.php page, which could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. This type of attack occurs when an application takes user input and sends it back to the user without proper validation, allowing an attacker to inject malicious scripts. A successful exploit could allow an attacker to execute arbitrary scripts, potentially giving them access to user conference information.

Recommendations For Mitel MiVoice Connect versions through 19.3 SP2, update to a version later than 19.3 SP2 to resolve the issue. For Mitel MiVoice Connect versions 20.x, update to a version later than 20.x to resolve the issue. For Mitel MiVoice Connect versions 21.x, update to a version later than 21.x to resolve the issue. For Mitel MiVoice Connect versions 22.x through 22.24.1500.0, update to a version later than 22.24.1500.0 to resolve the issue. As a temporary workaround, consider restricting access to the home.php page until a patch is available.