Lucene search

[email protected]CVE-2023-39292

HistoryAug 14, 2023 - 7:15 p.m.

CVE-2023-39292

2023-08-1419:15:12

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

mivoice

office 400

smb controller

cve-2023-39292

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.1%

JSON

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.

Affected configurations

NVD

Node

mitelmivoice_office_400_smb_controllerMatch-

AND

mitelmivoice_office_400Range≤7.0.9281

mitelmivoice_office_400_smb_controller_firmwareRange≤1.2.5.23

CPENameOperatorVersion
mitel:mivoice_office_400mitel mivoice office 400le7.0.9281
mitel:mivoice_office_400_smb_controller_firmwaremitel mivoice office 400 smb controller firmwarele1.2.5.23

CPE	Name	Operator	Version
mitel:mivoice_office_400	mitel mivoice office 400	le	7.0.9281
mitel:mivoice_office_400_smb_controller_firmware	mitel mivoice office 400 smb controller firmware	le	1.2.5.23

References

www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.1%

JSON

Related for CVE-2023-39292

nvd1 cvelist1 prion1