Mitel MiVoice Connect HQ Server Exec Vulnerable pre-19.3 SP2: CVE-2023-31457 May 2023

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

Vulnerability Analysis

CVE-2023-31457 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2023-31457

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-31457 are published in Mitel Mivoice Connect:

Mitel Mivoice Connect

Exploit Probability

EPSS

0.60%

Percentile

69.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Mitel MiVoice Connect HQ Server Exec Vulnerable pre-19.3 SP2CVE-2023-31457 Published on May 24, 2023

Vulnerability Analysis

Products Associated with CVE-2023-31457

Exploit Probability

Mitel MiVoice Connect HQ Server Exec Vulnerable pre-19.3 SP2
CVE-2023-31457 Published on May 24, 2023