exploitDog

CVE-2023-25597

Опубликовано: 14 апр. 2023

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.

Ссылки

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0002
Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0002
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*

Версия до 9.7 (исключая)

EPSS

Процентиль: 54%

0.00315

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-9g43-4p8p-g9g5

CVSS3: 5.9

github

почти 3 года назад

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.

EPSS

Процентиль: 54%

0.00315

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-287

CWE-287