Exploitation of RCE Vulnerability in Mitel MiVoice Connect
Mitel MiVoice Connect has a data validation vulnerability that can be leveraged to perform RCE
Summary
Mitel MiVoice Connect has a data validation vulnerability that can be leveraged to perform RCE
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
CrowdStrike Services have reported seeing exploitation of a critical vulnerability in Mitel MiVoice Connect, which is a Linux-based Voice over IP (VoIP) appliance. CrowdStrike Services said that a remote code execution (RCE) exploit was used in a suspected ransomware attack in an attempt to gain initial access.
The vulnerability, known as CVE-2022-29499, has a CVSSv3 score of 9.8 and requires no privileges and no user interaction. An unauthenticated, remote attacker could exploit this vulnerability to achieve remote code execution within the context of the service appliance and take control of the system.
Exploitation by ransomware operators in the wild
CISA has added CVE-2022-29499 to their Known Exploited Vulnerabilities Catalog. This catalogue is used to describe vulnerabilities that are a frequent attack vector for malicious cyber actors and therefore pose a significant risk.
Remediation advice
Affected organisations are encouraged to review Mitel Security Advisory 22-0002 and apply the necessary update.
Definitive source of threat updates
Last edited: 28 June 2022 9:47 am