Lucene search

[email protected]NVD:CVE-2023-22854

HistoryFeb 13, 2023 - 6:15 p.m.

CVE-2023-22854

2023-02-1318:15:11

[email protected]

web.nvd.nist.gov

mitel

micontact center

file download

vulnerability

url parameters

sensitive information

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.6%

JSON

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

Affected configurations

Nvd

Node

mitelmicontact_center_businessRange9.2.2.0–9.4.2.0

VendorProductVersionCPE
mitelmicontact_center_business*cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitel	micontact_center_business	*	cpe:2.3:a:mitel:micontact_center_business::::::::

References

www.mitel.com/support/security-advisories

www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.6%

JSON

Related for NVD:CVE-2023-22854

cvelist1 prion1 cve1