Filtered by vendor Mitel
Subscribe
Total
108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36446 | 1 Mitel | 1 Mivoice Mx-one | 2024-09-12 | N/A | 8.8 HIGH |
| The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema. | |||||
| CVE-2024-37570 | 1 Mitel | 2 6869i Sip, 6869i Sip Firmware | 2024-08-01 | N/A | 8.8 HIGH |
| On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution. | |||||
| CVE-2024-37569 | 1 Mitel | 2 6869i Sip, 6869i Sip Firmware | 2024-07-03 | N/A | 8.8 HIGH |
| An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter. | |||||
| CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 35 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 32 more | 2024-07-02 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | |||||
| CVE-2023-40265 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2024-02-28 | N/A | 8.8 HIGH |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | |||||
| CVE-2023-40266 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. | |||||
| CVE-2023-39291 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 4.9 MEDIUM |
| A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. | |||||
| CVE-2023-39293 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | |||||
| CVE-2023-39286 | 1 Mitel | 1 Connect Mobility Router | 2024-02-28 | N/A | 4.3 MEDIUM |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | |||||
| CVE-2023-39285 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 4.3 MEDIUM |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. | |||||
| CVE-2023-39288 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 5.5 MEDIUM |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. | |||||
| CVE-2023-39289 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 7.5 HIGH |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. | |||||
| CVE-2023-39292 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | |||||
| CVE-2023-39287 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 5.5 MEDIUM |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. | |||||
| CVE-2023-32748 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 9.8 CRITICAL |
| The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | |||||
| CVE-2023-39290 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 4.9 MEDIUM |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. | |||||
| CVE-2023-25598 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 6.1 MEDIUM |
| A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2023-31459 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | |||||
| CVE-2023-25599 | 1 Mitel | 1 Mivoice Connect | 2024-02-28 | N/A | 7.4 HIGH |
| A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2023-25597 | 1 Mitel | 1 Micollab | 2024-02-28 | N/A | 5.9 MEDIUM |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. | |||||