Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING&am...
Mitel Shoretel Firmware 19.46.1802.0
1 Github repository
10
CVSSv2
CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect up to and including 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
Mitel Mivoice Connect
2 Articles
NA
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect up to and including 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Mitel Mivoice Connect
NA
CVE-2023-31457
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and previous versions could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Mitel Mivoice Connect
NA
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and previous versions could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not...
Mitel Mivoice Connect
NA
CVE-2023-31459
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and previous versions could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does...
Mitel Mivoice Connect
NA
CVE-2023-31460
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and previous versions could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters.
Mitel Mivoice Connect
NA
CVE-2023-39285
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect up to and including 19.3 SP3 (22.24.5800.0) could allow an unauthenticated malicious user to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit coul...
Mitel Mivoice Connect
NA
CVE-2023-39287
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect up to and including 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sani...
Mitel Mivoice Connect
NA
CVE-2023-39288
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect up to and including 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sani...
Mitel Mivoice Connect
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »