Vulnerability Description
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Mivoice Business | <= 9.3.0.27 |
| Mitel | Mivoice Business Express | <= 8.1.2.801 |
Related Weaknesses (CWE)
References
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
- https://www.mitel.com/support/security-advisoriesVendor Advisory
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
FAQ
What is CVE-2022-31784?
CVE-2022-31784 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the...
How severe is CVE-2022-31784?
CVE-2022-31784 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-31784?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel Mivoice Business, Mitel Mivoice Business Express.