CVE-2023-39286: CSRF
First published: Thu Sep 14 2023(Updated: )
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel Connect Mobility Router | <9.6.2307.111 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39286?
CVE-2023-39286 is a vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect.
What is the severity of CVE-2023-39286?
CVE-2023-39286 has a severity rating of medium (4.3).
How does CVE-2023-39286 affect Mitel MiVoice Connect?
CVE-2023-39286 allows an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack on Mitel MiVoice Connect.
How can an attacker exploit CVE-2023-39286?
An attacker can exploit CVE-2023-39286 by providing a modified request, which may lead to unauthorized actions on the affected system.
Is there a fix for CVE-2023-39286?
Mitel has released a security advisory (23-0015) with mitigation steps to address the vulnerability. Please refer to the provided reference for more information.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mitel
- canonical/mitel connect mobility router