CVE-2023-31457
First published: Wed May 24 2023(Updated: )
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel MiVoice Connect | <=22.24.1500.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-31457?
The severity of CVE-2023-31457 is critical with a severity value of 9.
How does CVE-2023-31457 affect Mitel MiVoice Connect?
CVE-2023-31457 affects Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier.
What can an unauthenticated attacker do with CVE-2023-31457?
An unauthenticated attacker with internal network access can execute arbitrary scripts due to improper access control in CVE-2023-31457.
How can I fix CVE-2023-31457?
To fix CVE-2023-31457, Mitel recommends upgrading to a version of MiVoice Connect that is later than 19.3 SP2 (22.24.1500.0).
Where can I find more information about CVE-2023-31457?
For more information about CVE-2023-31457, you can visit the following references: [Mitel Security Advisories](https://www.mitel.com/support/security-advisories), [Mitel Product Security Advisory 23-0004](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004)
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/nvd-latest
- vendor/mitel
- canonical/mitel mivoice connect
- version/mitel mivoice connect/22.24.1500.0