CVE-2022-41223
Published 2022-11-22
CVE-2022-41223: The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via…
Priority: P182 | medium | 6.8 (CVSS 3.1)
AV:A / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
Tags: KEV, ITW, Ransomware
CISA Known Exploited Vulnerability, due 2023-03-14
Exploited in the wild
EPSS: 10.57% (95.2th percentile)
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitel | mivoice_connect | <= 22.22.6100.0 | — |
Detection & IOCs (extracted from sources)
- CVE-2022-41223 targets the Director database component of Mitel MiVoice Connect; look for authenticated attacker activity involving crafted data submissions to the Director component that may indicate code-injection attempts via manipulated database data types.
- CVE-2022-41223 requires internal network access; monitor for anomalous authenticated sessions originating from internal hosts targeting the MiVoice Connect Director component, especially those submitting unexpected or oversized data payloads.
- CVE-2022-41223 is confirmed actively exploited (added to CISA KEV); prioritize detection and alerting on MiVoice Connect Director component activity in environments running versions up to 19.3 (22.22.6100.0).
- Exploitation requires the attacker to be authenticated and have internal network access, limiting the attack surface to insider threats or attackers who have already established a foothold on the internal network.
- The vulnerability affects MiVoice Connect through version 19.3 (22.22.6100.0); detection and patching efforts should be scoped to this version range.
CVSS provenance
- nvd: v3.1, 6.8 MEDIUM, CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- vulncheck: 6.8 MEDIUM
- cisa: 6.8 MEDIUM
GHSA
GHSA-7vhc-x99q-vfpj: The Director database component of MiVoice Connect through 19
ghsa_unreviewed·2022-11-22
CVE-2022-41223 [MEDIUM] CWE-94 GHSA-7vhc-x99q-vfpj: The Director database component of MiVoice Connect through 19
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
VulnCheck
Mitel MiVoice Connect Code Injection Vulnerability
vulncheck·2022·CVSS 6.8
CVE-2022-41223 [MEDIUM] CWE-94 Mitel MiVoice Connect Code Injection Vulnerability
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
Affected: Mitel MiVoice Connect
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2023-03-14
CISA
Mitel MiVoice Connect Code Injection Vulnerability
cisa·2023-02-21·CVSS 6.8
CVE-2022-41223 [MEDIUM] CWE-94 Mitel MiVoice Connect Code Injection Vulnerability
Vulnerability: Mitel MiVoice Connect Code Injection Vulnerability
Affected: Mitel MiVoice Connect
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
Required Action: Apply updates per vendor instructions.
Notes: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223
Remediation Due Date: 2023-03-14
No detection rules found.
No public exploits indexed.
- https://www.mitel.com/support/security-advisories
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41223
- 2022-11-22: Published
- 2023-02-21: Added to CISA KEV