Lucene search
HistoryAug 14, 2023 - 7:15 p.m.
CVE-2023-39292
mivoice
sql injection
smb controller
vulnerability
sensitive information
database operations
management operations
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.001
Percentile
47.1%
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
Affected configurations
Node
mitelmivoice_office_400_smb_controllerMatch-
mitelmivoice_office_400Range≤7.0.9281
ORmitelmivoice_office_400_smb_controller_firmwareRange≤1.2.5.23
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mitel | mivoice_office_400_smb_controller | - | cpe:2.3:h:mitel:mivoice_office_400_smb_controller:-:*:*:*:*:*:*:* |
| mitel | mivoice_office_400 | * | cpe:2.3:a:mitel:mivoice_office_400:*:*:*:*:*:*:*:* |
| mitel | mivoice_office_400_smb_controller_firmware | * | cpe:2.3:o:mitel:mivoice_office_400_smb_controller_firmware:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-39292
2023-08-14 00:00:00
cve
cve
CVE-2023-39292
2023-08-14 19:15:12
prion
prion
Sql injection
2023-08-14 19:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.001
Percentile
47.1%
Related for NVD:CVE-2023-39292