CVE-2022-41223

CVSS 6.8 MEDIUMEPSS 10.6%● KEVCWE-94

In short

An authenticated user can inject malicious code into the MiVoice Connect database by sending specially crafted data. This happens because the database component doesn't properly validate the type of data being stored.

Technical detail

CWE-94 code injection vulnerability in MiVoice Connect Director database component (versions ≤19.3/22.22.6100.0) allows authenticated attackers to inject arbitrary code through insufficiently restricted database data types. The attack requires valid authentication credentials and exploits inadequate input validation on database operations.

Summary generated and translated by AI from the official description.

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41223 https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008