ID

VAR-202309-2235


CVE

CVE-2023-39285


DESCRIPTION

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

Trust: 1.0

sources: NVD: CVE-2023-39285

AFFECTED PRODUCTS

vendor: mitel
model: mivoice connect
scope: lt
version: 22.24.7100.0

Trust: 1.0

sources: NVD: CVE-2023-39285

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-39285
value: MEDIUM

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-39285

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.0

sources: NVD: CVE-2023-39285

CONFIGURATIONS

sources: NVD: CVE-2023-39285

EXTERNAL IDS

db: NVD
id: CVE-2023-39285

Trust: 1.0

sources: NVD: CVE-2023-39285

REFERENCES

url: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014

Trust: 1.0

sources: NVD: CVE-2023-39285

SOURCES

db: NVD
id: CVE-2023-39285

LAST UPDATE DATE

2023-12-18T12:33:32.403000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2023-39285
date: 2023-09-19T18:00:45.343

SOURCES RELEASE DATE

db: NVD
id: CVE-2023-39285
date: 2023-09-14T19:16:50.847