CVE-2022-41223

MEDIUM KEV RANSOMWARE

MiVoice Connect <22.22.6100.0 - Code Injection

Title source: llm

Description

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

References (3)

Scores

CVSS v3 6.8
EPSS 0.0171
EPSS Percentile 82.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-02-21
VulnCheck KEV 2023-02-21
InTheWild.io 2023-02-21
ENISA EUVD EUVD-2022-44464
Ransomware Use Confirmed
CWE
CWE-94
Status published
Products (1)
mitel/mivoice_connect < 22.22.6100.0
Published Nov 22, 2022
KEV Added Feb 21, 2023
Tracked Since Feb 18, 2026