168 matches found
CVE-2023-39287
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 22.24.5800.0 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit...
CVE-2023-39290
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 22.24.5800.0 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view syst...
Mitel MiVoice Connect 安全漏洞
Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect that originates in the Edge Gateway component from an information disclosure issue...
PT-2023-26872 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through R19.3 SP3 22.24.5800.0 Description: A vulnerability in the Edge Gateway component could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to imprope...
CVE-2023-39290
The CVE-2023-39290 entry involves Mitel MiVoice Connect, specifically the Edge Gateway component. A vulnerability could allow an authenticated user with elevated privileges to perform an information disclosure due to improper configuration, with the impact being visibility of system information. ...
PT-2023-9249 · Dell · Dell Edge Gateway Bios
Name of the Vulnerable Software and Affected Versions: Dell Edge Gateway BIOS versions 3200 and 5200 Description: The issue is related to an out-of-bounds write vulnerability in the System Management Mode SMM of the BIOS firmware. This could be exploited by a local authenticated malicious user wi...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on June 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-164-01 Datalogics Library Third-Party ICSA-23-164-02 Rockwell Automation FactoryTalk...
Rockwell Automation FactoryTalk Edge Gateway
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Edge Gateway Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a...
The vulnerability of the Edge Gateway component of the MiVoice Connect business telephone system’s VoIP devices allows a perpetrator to make arbitrary changes to the configuration and execute arbitrary commands.
The vulnerability of the Edge Gateway component in the MiVoice Connect business telephone system’s VoIP devices relates to the absence of a mandatory password change during initial installation. Exploiting this vulnerability allows an attacker to make arbitrary changes to the configuration and...
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A...
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A...
Command injection
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A...
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A...
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A...
CVE-2023-31458
Summary of CVE-2023-31458 (Mitel MiVoice Connect Edge Gateway) : The Edge Gateway component in MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier allows an unauthenticated attacker with internal network access to authenticate with administrative privileges because the initial installati...
Vulnerabilities fixed in Mitel MiVoice Connect
Mitel has fixed vulnerabilities in several components of MiVoice Connect, such as Mobility router, Edge Gateway, HQ and DVS. A malicious party can exploit the vulnerabilities to execute arbitrary code within the context of the application. To execute code as an administrator, the malicious party...
PT-2023-2914 · Mitel · Mitel Mivoice Connect
Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier Description: A vulnerability in the Edge Gateway component could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges,...
CVE-2023-26213
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...
Command injection
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...
Barracuda CloudGen WAN 操作系统命令注入漏洞
Barracuda Networks Barracuda CloudGen WAN is Barracuda Networks' tool for easily connecting all your locations to the Microsoft Global Network via Azure Virtual WAN. A security vulnerability exists in versions prior to Barracuda CloudGen WAN Private Edge Gateway devices 8...