Описание
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
Уязвимость компонента Edge Gateway системы бизнес-телефонии MiVoice Connect VoIP-устройств Mitel, позволяющая нарушителю вносить произвольные изменения в конфигурацию и выполнять произвольные команды
EPSS
9.8 Critical
CVSS3