Sign-up

ID

VAR-202305-2188


CVE

CVE-2023-31458


TITLE

Mitel Networks Corporation  of  MiVoice Connect  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-007351

DESCRIPTION

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. Mitel Networks Corporation of MiVoice Connect Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-31458 // JVNDB: JVNDB-2023-007351 // VULMON: CVE-2023-31458

AFFECTED PRODUCTS

vendor:mitelmodel:mivoice connectscope:lteversion:22.24.1500.0

Trust: 1.0

vendor:mitelmodel:mivoice connectscope: - version: -

Trust: 0.8

vendor:mitelmodel:mivoice connectscope:lteversion:22.24.1500.0 and earlier

Trust: 0.8

vendor:mitelmodel:mivoice connectscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-007351 // NVD: CVE-2023-31458

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-31458
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202305-2139
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-31458
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-007351 // NVD: CVE-2023-31458 // CNNVD: CNNVD-202305-2139

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007351 // NVD: CVE-2023-31458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-2139

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-2139

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-31458

PATCH
title:Mitel MiVoice Connect Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240055
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202305-2139

EXTERNAL IDS
db:NVDid:CVE-2023-31458
Trust: 3.3
db:JVNDBid:JVNDB-2023-007351
Trust: 0.8
db:CNNVDid:CNNVD-202305-2139
Trust: 0.6
db:VULMONid:CVE-2023-31458
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-31458 // 
            
            
            
            JVNDB: JVNDB-2023-007351 // 
            
            
            
            NVD: CVE-2023-31458 // 
            
            
            
            CNNVD: CNNVD-202305-2139

REFERENCES
url:https://www.mitel.com/support/security-advisories
Trust: 2.5
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-31458
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-31458/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-31458 // 
            
            
            
            JVNDB: JVNDB-2023-007351 // 
            
            
            
            NVD: CVE-2023-31458 // 
            
            
            
            CNNVD: CNNVD-202305-2139

SOURCES
db:VULMONid:CVE-2023-31458
db:JVNDBid:JVNDB-2023-007351
db:NVDid:CVE-2023-31458
db:CNNVDid:CNNVD-202305-2139

LAST UPDATE DATE
2023-12-18T14:03:16.059000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-31458date:2023-05-25T00:00:00
db:JVNDBid:JVNDB-2023-007351date:2023-11-21T08:08:00
db:NVDid:CVE-2023-31458date:2023-06-01T18:17:49.983
db:CNNVDid:CNNVD-202305-2139date:2023-06-02T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-31458date:2023-05-24T00:00:00
db:JVNDBid:JVNDB-2023-007351date:2023-11-21T00:00:00
db:NVDid:CVE-2023-31458date:2023-05-24T21:15:11.520
db:CNNVDid:CNNVD-202305-2139date:2023-05-24T00:00:00