CVE-2022-29499

CRITICAL KEV RANSOMWARE

Mitel Mivoice Connect < 22.20.2300.0 - Improper Input Validation

Title source: rule

Description

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

References (2)

Scores

CVSS v3 9.8
EPSS 0.8862
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-27
VulnCheck KEV 2022-06-23
InTheWild.io 2022-06-23
ENISA EUVD EUVD-2022-33836
Ransomware Use Confirmed
CWE
CWE-20
Status published
Products (1)
mitel/mivoice_connect < 22.20.2300.0
Published Apr 26, 2022
KEV Added Jun 27, 2022
Tracked Since Feb 18, 2026