CVE-2022-40765
published 2022-11-22

Priority P182 · medium · 6.8 · CVSS 3.1
AV:A / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability, due 2023-03-14
Exploited in the wild
EPSS: 10.48% (95.2th percentile)
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

Affected

1 range

Vendor | Product | Version range | Fixed in
mitel | mivoice_connect | <= 22.22.6100.0 |

Detection & IOCs (extracted from sources)

  • CVE-2022-40765 targets the Edge Gateway component of Mitel MiVoice Connect; look for authenticated internal network requests with anomalous or injected URL parameters directed at the Edge Gateway
  • CVE-2022-40765 is actively exploited in the wild per CISA KEV; prioritize detection on Mitel MiVoice Connect Edge Gateway instances for command injection attempts
  • Exploitation results in command execution within the system context; monitor Edge Gateway processes for unexpected child process spawning or OS command execution
  • Exploitation requires the attacker to be authenticated and have internal network access; external/unauthenticated exploitation is not indicated by available sources
  • Affected versions are Mitel MiVoice Connect through 19.3 (22.22.6100.0); detections should be scoped to this version range

CVSS provenance

nvd | v3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck | 6.8 | MEDIUM
cisa | 6.8 | MEDIUM