8 matches found
CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA...
Lorenz Ransomware Exploit Mitel VoIP Systems to Breach Business Networks
The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting...
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
In April 2022, telecommunications company Mitel published a security advisory on CVE-2022-29499, a data validation vulnerability in the Service Appliance component of MiVoice Connect, a business communications product. The vulnerability, which was unpatched at time of publication, arose from...
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency CISA this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 CVSS score: 7.8, came to light in January 2022 and...
Mitel VoIP Bug Exploited in Ransomware Attacks
Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP Voice over Internet Protocol application and using it as a springboard plant malware on targeted systems. The critical remote code execution RCE flaw, tracked as CVE-2022-29499, was first report by Crowdstrike in April a...
Mitel MiVoice Connect Command Injection (CVE-2022-29499)
A command injection vulnerability exists in Mitel MiVoice Connect. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-29499
creationtimestamp| type| source ---|---|--- 2022-04-26 07:47:52+00:00| seen| https://t.me/cibsecurity/41421 2022-06-27 19:30:04+00:00| exploited| https://t.me/truesecator/3104 2022-09-13 15:35:06+00:00| exploited| https://t.me/truesecator/3409 2022-09-14 09:47:43+00:00| seen|...
CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA...