
Critical Vulnerability in Mitel MiVoice Business and MiVoice Business Express



Summary

Mitel releases security advisory for CVE-2022-31784, a vulnerability that could allow arbitrary code execution


Threat details

Introduction

Mitel has released a security advisory regarding a buffer overflow vulnerability, which is due to insufficient validation of URL parameters. The vulnerability is tracked as CVE-2022-31784 and has an overall CVSS rating of 9.8. It affects the management interface of MiVoice Business and MiVoice Business Express.

The vulnerability is rated as Critical for systems deployed with external access to the management interface, and High where access to the management interface is restricted to protected networks.

An unauthenticated attacker who has network access to the management interface could exploit this vulnerability to execute arbitrary code.


Remediation advice

Affected organisations are encouraged to review Mitel's Security Advisory 22-0005 and Security Bulletin 22-0005-001 and apply remediation and workarounds as necessary.

For additional information, Mitel recommend contacting Product Support.



Last edited: 28 June 2022 2:15 pm