Sign-up

ID

VAR-202204-1874


CVE

CVE-2022-29499


TITLE

Mitel Networks Corporation  of  MiVoice Connect  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008620

DESCRIPTION

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. Mitel Networks Corporation of MiVoice Connect There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-29499 // JVNDB: JVNDB-2022-008620 // VULMON: CVE-2022-29499

AFFECTED PRODUCTS

vendor:mitelmodel:mivoice connectscope:lteversion:22.20.2300.0

Trust: 1.0

vendor:mitelmodel:mivoice connectscope:lteversion:22.20.2300.0 and earlier

Trust: 0.8

vendor:mitelmodel:mivoice connectscope:eqversion: -

Trust: 0.8

vendor:mitelmodel:mivoice connectscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008620 // NVD: CVE-2022-29499

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-29499
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202204-4387
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-29499
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-29499
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-29499
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-29499 // JVNDB: JVNDB-2022-008620 // NVD: CVE-2022-29499 // CNNVD: CNNVD-202204-4387

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008620 // NVD: CVE-2022-29499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4387

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4387

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-29499

PATCH
title:Mitel MiVoice Connect Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191744
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202204-4387

EXTERNAL IDS
db:NVDid:CVE-2022-29499
Trust: 3.3
db:JVNDBid:JVNDB-2022-008620
Trust: 0.8
db:CNNVDid:CNNVD-202204-4387
Trust: 0.6
db:VULMONid:CVE-2022-29499
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-29499 // 
            
            
            
            JVNDB: JVNDB-2022-008620 // 
            
            
            
            NVD: CVE-2022-29499 // 
            
            
            
            CNNVD: CNNVD-202204-4387

REFERENCES
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-29499
Trust: 0.8
url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-29499/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-29499 // 
            
            
            
            JVNDB: JVNDB-2022-008620 // 
            
            
            
            NVD: CVE-2022-29499 // 
            
            
            
            CNNVD: CNNVD-202204-4387

SOURCES
db:VULMONid:CVE-2022-29499
db:JVNDBid:JVNDB-2022-008620
db:NVDid:CVE-2022-29499
db:CNNVDid:CNNVD-202204-4387

LAST UPDATE DATE
2023-12-18T12:41:58.353000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-29499date:2022-05-05T00:00:00
db:JVNDBid:JVNDB-2022-008620date:2023-07-28T08:04:00
db:NVDid:CVE-2022-29499date:2022-05-05T18:25:02.880
db:CNNVDid:CNNVD-202204-4387date:2022-05-07T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-29499date:2022-04-26T00:00:00
db:JVNDBid:JVNDB-2022-008620date:2023-07-28T00:00:00
db:NVDid:CVE-2022-29499date:2022-04-26T02:15:37.107
db:CNNVDid:CNNVD-202204-4387date:2022-04-26T00:00:00