CVE-2022-29499

CVSS 9.8 CRITICALEPSS 56.7%● KEVCWE-20

In short

Mitel MiVoice Connect's Service Appliance has a flaw that allows attackers to run malicious code remotely without proper authentication. This is critical because it can give attackers complete control over the communication system.

Technical detail

CWE-20 improper input validation in Mitel MiVoice Connect Service Appliance (SA 100, SA 400, Virtual SA) up to version 19.2 SP3 enables unauthenticated remote code execution. The vulnerability stems from insufficient data validation, allowing attackers to inject and execute arbitrary commands on affected appliances.

Summary generated and translated by AI from the official description.

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-29499 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002