Mitel Mivoice Office 400 vulnerabilities
3 known vulnerabilities affecting mitel/mivoice_office_400.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-39293P2CRITICALCVSS 9.8≤ 7.0.92812023-08-14
CVE-2023-39293 [CRITICAL] CWE-77 CVE-2023-39293: A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller throu
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system.
nvd
CVE-2023-39292P3CRITICALCVSS 9.8≤ 7.0.92812023-08-14
CVE-2023-39292 [CRITICAL] CWE-89 CVE-2023-39292: A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations.
nvd
CVE-2018-16226P4MEDIUMCVSS 6.1vr5.02018-10-23
CVE-2018-16226 [MEDIUM] CWE-79 CVE-2018-16226: A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1)
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access se
nvd