A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
References
| Link | Resource |
|---|---|
| https://www.mitel.com/support/security-advisories | Vendor Advisory |
| https://www.mitel.com/support/security-advisories | Vendor Advisory |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005 | Vendor Advisory |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005 | Vendor Advisory |
Configurations
History
31 Jan 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.mitel.com/support/security-advisories - Vendor Advisory | |
| References | () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005 - Vendor Advisory |
01 Jun 2023, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| First Time |
Mitel mivoice Connect
Mitel |
|
| References | (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory | |
| References | (MISC) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005 - Vendor Advisory | |
| CPE | cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
24 May 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-05-24 21:15
Updated : 2025-01-31 14:15
NVD link : CVE-2023-31458
Mitre link : CVE-2023-31458
JSON object : View
Products Affected
mitel
- mivoice_connect
CWE