CVE-2022-40765

MEDIUM KEV RANSOMWARE

Mitel Mivoice Connect < 22.22.6100.0 - Command Injection

Title source: rule

Description

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

References (3)

Scores

CVSS v3 6.8
EPSS 0.0404
EPSS Percentile 88.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-02-21
VulnCheck KEV 2023-02-21
InTheWild.io 2023-02-21
ENISA EUVD EUVD-2022-44031
Ransomware Use Confirmed
CWE
CWE-77
Status published
Products (1)
mitel/mivoice_connect < 22.22.6100.0
Published Nov 22, 2022
KEV Added Feb 21, 2023
Tracked Since Feb 18, 2026