Mitel MiVoice Connect Edge Gateway: UAT Priv Esc via Default Pass (pre 19.3 SP2)
CVE-2023-31458 Published on May 24, 2023
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Vulnerability Analysis
CVE-2023-31458 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Products Associated with CVE-2023-31458
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-31458 are published in Mitel Mivoice Connect:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.