Sign-up

ID

VAR-202308-3051


CVE

CVE-2023-32748


TITLE

Mitel Networks Corporation  of  MiVoice Connect  Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2023-022269

DESCRIPTION

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. Mitel Networks Corporation of MiVoice Connect Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-32748 // JVNDB: JVNDB-2023-022269 // VULMON: CVE-2023-32748

AFFECTED PRODUCTS

vendor:mitelmodel:mivoice connectscope:lteversion:22.24.1500.0

Trust: 1.0

vendor:mitelmodel:mivoice connectscope:eqversion: -

Trust: 0.8

vendor:mitelmodel:mivoice connectscope:lteversion:22.24.1500.0 and earlier

Trust: 0.8

vendor:mitelmodel:mivoice connectscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-022269 // NVD: CVE-2023-32748

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-32748
value: CRITICAL

Trust: 1.8

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-32748
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-022269 // NVD: CVE-2023-32748

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-022269 // NVD: CVE-2023-32748

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-32748

EXTERNAL IDS
db:NVDid:CVE-2023-32748
Trust: 2.7
db:JVNDBid:JVNDB-2023-022269
Trust: 0.8
db:VULMONid:CVE-2023-32748
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-32748 // 
            
            
            
            JVNDB: JVNDB-2023-022269 // 
            
            
            
            NVD: CVE-2023-32748

REFERENCES
url:https://www.mitel.com/support/security-advisories
Trust: 1.9
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2023-32748
Trust: 0.8
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-32748 // 
            
            
            
            JVNDB: JVNDB-2023-022269 // 
            
            
            
            NVD: CVE-2023-32748

SOURCES
db:VULMONid:CVE-2023-32748
db:JVNDBid:JVNDB-2023-022269
db:NVDid:CVE-2023-32748

LAST UPDATE DATE
2024-01-23T22:34:49.795000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-32748date:2023-08-14T00:00:00
db:JVNDBid:JVNDB-2023-022269date:2024-01-22T05:47:00
db:NVDid:CVE-2023-32748date:2023-08-22T15:06:48.240

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-32748date:2023-08-14T00:00:00
db:JVNDBid:JVNDB-2023-022269date:2024-01-22T00:00:00
db:NVDid:CVE-2023-32748date:2023-08-14T18:15:10.867