Critical Vulnerability in Mitel MiVoice Business and MiVoice Business Express
Summary
Mitel releases security advisory for CVE-2022-31784, a vulnerability that could allow arbitrary code execution
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Mitel has released a security advisory regarding a buffer overflow vulnerability, which is due to insufficient validation of URL parameters. The vulnerability is tracked as CVE-2022-31784 and has an overall CVSS rating of 9.8. It affects the management interface of MiVoice Business and MiVoice Business Express.
The vulnerability is rated as Critical for systems deployed with external access to the management interface, and High where access to the management interface is restricted to protected networks.
An unauthenticated attacker with network access to the management interface could exploit this vulnerability to execute arbitrary code.
Remediation advice
Affected organisations are encouraged to review Mitel's Security Advisory 22-0005 and Security Bulletin 22-0005-001 and apply remediation and workarounds as necessary.
For additional information, Mitel recommend contacting Product Support.
Definitive source of threat updates
Last edited: 28 June 2022 2:15 pm