CVE-2023-39292

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 14, 2023

Updated: Aug 21, 2023

CWE ID 89

Summary

CVE-2023-39292 is a SQL Injection vulnerability affecting the MiVoice Office 400 SMB Controller versions through 1.2.5.23. This issue enables malicious actors to access confidential data and execute unauthorized database and management operations. Successful exploitation could potentially result in serious data breaches or system compromise. Users are advised to update their software to the latest patch or implement mitigation measures to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mitel Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sIWqCp
https://www.cve.org/CVERecord?id=CVE-2023-39292
https://nvd.nist.gov/vuln/detail/CVE-2023-39292

Back to Vulnerability Database

CVE-2023-39292

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations