Mitel MiVoice Connect - multiple vulnerabilities, including critical ones
Take action: If you are using the Mitel MiVoice Connect suite, update your software or apply workarounds.
Multiple vulnerabilities are reported for Mitel MiVoice Connect products. A remote, anonymous attacker could exploit multiple vulnerabilities in Mitel MiVoice Connect to gain administrative privileges, execute arbitrary code, or perform a cross-site scripting attack.
The vulnerabilities affect the MiVoice Connect product and operating systems like UNIX, Linux, and Windows. The severity of the vulnerabilities is rated as high and critical.
The vulnerabilities are tracked under CVE-2023-32748, CVE-2023-31460, CVE-2023-31459, CVE-2023-31458, CVE-2023-31457, CVE-2023-25599 and CVE-2023-25598:
- MiVoice Connect Mobility Router Command Injection Vulnerability
- MiVoice Connect Mobility Router Default Password Vulnerability
- MiVoice Connect Default Password Vulnerability
- MiVoice Connect Improper Access Control Vulnerability
- MiVoice Connect Reflected Cross-site Scripting Vulnerability
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions and apply available mitigations.