PT-2025-4822 · Mitel · Mitel OpenScape 4000 Manager +1
Dr. Oliver Matula +2
Published: 2025-01-22 · Updated: 2025-02-06
CVE-2025-23093
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mitel OpenScape 4000 versions V10 R1.54.1 and earlier
Mitel OpenScape 4000 Manager versions V10 R1.54.1 and earlier
Mitel OpenScape 4000 versions V11 through R0.22.1
Mitel OpenScape 4000 Manager versions V11 through R0.22.1
Description
The issue allows an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
Recommendations
For Mitel OpenScape 4000 versions V10 R1.54.1 and earlier, update to a version later than V10 R1.54.1 to resolve the issue.
For Mitel OpenScape 4000 Manager versions V10 R1.54.1 and earlier, update to a version later than V10 R1.54.1 to resolve the issue.
For Mitel OpenScape 4000 versions V11 through R0.22.1, update to a version later than R0.22.1 to resolve the issue.
For Mitel OpenScape 4000 Manager versions V11 through R0.22.1, update to a version later than R0.22.1 to resolve the issue.
Fix
Improper Privilege Management
Affected Products
Mitel OpenScape 4000
Mitel OpenScape 4000 Manager