Details of VAR-202308-3487

ID

VAR-202308-3487

CVE

CVE-2023-39290

TITLE

Mitel Networks Corporation of MiVoice Connect Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-011443

DESCRIPTION

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. Mitel Networks Corporation of MiVoice Connect Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2023-39290 // JVNDB: JVNDB-2023-011443 // VULMON: CVE-2023-39290

AFFECTED PRODUCTS

vendor:	mitel	model:	mivoice connect	scope:	lte	version:	22.24.5800.0	Trust: 1.0
vendor:	mitel	model:	mivoice connect	scope:	eq	version:	-	Trust: 0.8
vendor:	mitel	model:	mivoice connect	scope:	lte	version:	22.24.5800.0 and earlier	Trust: 0.8
vendor:	mitel	model:	mivoice connect	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-011443 // NVD: CVE-2023-39290

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-39290
value:	MEDIUM
Trust: 1.8

NVD:	CVE-2023-39290
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2023-39290
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-011443 // NVD: CVE-2023-39290

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-011443 // NVD: CVE-2023-39290

CONFIGURATIONS

sources: NVD: CVE-2023-39290

EXTERNAL IDS

db:	NVD	id:	CVE-2023-39290	Trust: 2.7
db:	JVNDB	id:	JVNDB-2023-011443	Trust: 0.8
db:	VULMON	id:	CVE-2023-39290	Trust: 0.1

sources: VULMON: CVE-2023-39290 // JVNDB: JVNDB-2023-011443 // NVD: CVE-2023-39290

REFERENCES

url:	https://www.mitel.com/support/security-advisories	Trust: 1.9
url:	https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0012	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39290	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-39290 // JVNDB: JVNDB-2023-011443 // NVD: CVE-2023-39290

SOURCES

db:	VULMON	id:	CVE-2023-39290
db:	JVNDB	id:	JVNDB-2023-011443
db:	NVD	id:	CVE-2023-39290

LAST UPDATE DATE

2023-12-14T22:50:38.737000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-39290	date:	2023-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2023-011443	date:	2023-12-13T05:44:00
db:	NVD	id:	CVE-2023-39290	date:	2023-08-31T18:22:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-39290	date:	2023-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-011443	date:	2023-12-13T00:00:00
db:	NVD	id:	CVE-2023-39290	date:	2023-08-25T22:15:00