[CVE-2022-41223] Mitel MiVoice Connect Code Injection Vulnerability

CISA KEV 정보

취약점명	Mitel MiVoice Connect Code Injection Vulnerability
설명	The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
조치사항	Apply updates per vendor instructions.
랜섬웨어 캠페인 악용	Known
CWE	CWE-94
등록일 (KEV)	2023-02-21
조치 기한	2023-03-14
추가 참고	https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223

NVD 상세 정보

CVSS v3.1: 6.8 MEDIUMCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

설명: The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

CWE: CWE-94 | CWE-94

참조

https://www.mitel.com/support/security-advisories [Vendor Advisory]
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 [Vendor Advisory]
https://www.mitel.com/support/security-advisories [Vendor Advisory]
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 [Vendor Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41223 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2022-41223] Mitel MiVoice Connect Code Injection Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍