CVE-2023-39288

MEDIUM

Mitel MiVoice Connect <9.6.2304.102 - Command Injection

Title source: llm

Description

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.

References (2)

[Vendor Advisory] https://www.mitel.com/support/security-advisories

[Vendor Advisory] https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0011

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Classification

CWE

CWE-88

Status published

Affected Products (1)

mitel/mivoice_connect < 9.6.2304.102

Timeline

Published Aug 25, 2023

Tracked Since Feb 18, 2026