CVE-2022-31784
CVE-2022-31784 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. EPSS estimates a 1.49% chance of exploitation in the next 30 days.
Description
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitel | MiVoice Business | <= 9.3.0.27 |
| Mitel | MiVoice Business Express | <= 8.1.2.801 |
References
- https://www.mitel.com/support/security-advisories (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
