Details of VAR-202305-2335

ID

VAR-202305-2335

CVE

CVE-2023-31457

TITLE

Mitel Networks Corporation of MiVoice Connect Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-007352

DESCRIPTION

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. Mitel Networks Corporation of MiVoice Connect Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-31457 // JVNDB: JVNDB-2023-007352 // VULMON: CVE-2023-31457

AFFECTED PRODUCTS

vendor:	mitel	model:	mivoice connect	scope:	lte	version:	22.24.1500.0	Trust: 1.0
vendor:	mitel	model:	mivoice connect	scope:	-	version:	-	Trust: 0.8
vendor:	mitel	model:	mivoice connect	scope:	lte	version:	22.24.1500.0 and earlier	Trust: 0.8
vendor:	mitel	model:	mivoice connect	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-007352 // NVD: CVE-2023-31457

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-31457
value:	CRITICAL
Trust: 1.8
CNNVD:	CNNVD-202305-2164
value:	CRITICAL
Trust: 0.6

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-31457
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-007352 // NVD: CVE-2023-31457 // CNNVD: CNNVD-202305-2164

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-007352 // NVD: CVE-2023-31457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-2164

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-2164

CONFIGURATIONS

sources: NVD: CVE-2023-31457

PATCH

title:

Mitel MiVoice Connect Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240062

Trust: 0.6

sources: CNNVD: CNNVD-202305-2164

EXTERNAL IDS

db:	NVD	id:	CVE-2023-31457	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-007352	Trust: 0.8
db:	CNNVD	id:	CNNVD-202305-2164	Trust: 0.6
db:	VULMON	id:	CVE-2023-31457	Trust: 0.1

sources: VULMON: CVE-2023-31457 // JVNDB: JVNDB-2023-007352 // NVD: CVE-2023-31457 // CNNVD: CNNVD-202305-2164

REFERENCES

url:	https://www.mitel.com/support/security-advisories	Trust: 2.5
url:	https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2023-31457	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-31457/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-31457 // JVNDB: JVNDB-2023-007352 // NVD: CVE-2023-31457 // CNNVD: CNNVD-202305-2164

SOURCES

db:	VULMON	id:	CVE-2023-31457
db:	JVNDB	id:	JVNDB-2023-007352
db:	NVD	id:	CVE-2023-31457
db:	CNNVD	id:	CNNVD-202305-2164

LAST UPDATE DATE

2023-12-18T13:50:26.762000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-31457	date:	2023-05-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-007352	date:	2023-11-21T08:08:00
db:	NVD	id:	CVE-2023-31457	date:	2023-06-01T02:15:21.670
db:	CNNVD	id:	CNNVD-202305-2164	date:	2023-06-02T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-31457	date:	2023-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2023-007352	date:	2023-11-21T00:00:00
db:	NVD	id:	CVE-2023-31457	date:	2023-05-24T20:15:09.977
db:	CNNVD	id:	CNNVD-202305-2164	date:	2023-05-24T00:00:00