Command-Injection Vulnerability in Mitel MiVoice Connect Edge Gateway

Command-Injection Vulnerability in Mitel MiVoice Connect Edge Gateway

CVE-2022-40765 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

Learn more about our Internal Network Penetration Testing.