CVE-2022-40765

CVSS 6.8 MEDIUM · EPSS 10.5% · KEV · CWE-77
In short

An authenticated attacker with internal network access can inject malicious commands into Mitel MiVoice Connect through URL parameters that aren't properly restricted, potentially compromising the system.

Technical detail

A CWE-77 command injection vulnerability in the Edge Gateway component allows authenticated internal users to execute arbitrary commands via insufficiently validated URL parameters. Exploitation requires valid credentials and network access to the affected system (versions through 19.3 (22.22.6100.0)).

Summary generated and translated by AI from the official description.
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
