← Voltar para CVEs
CVE-2022-29499
CRITICALCISA KEV9.8
Descricao
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/26/2022
Ultima modificacao11/3/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMitel
ProdutoMiVoice Connect
Nome da vulnerabilidadeMitel MiVoice Connect Data Validation Vulnerability
Data inclusao KEV2022-06-27
Prazo de remediacao2022-07-18
Uso em ransomwareKnown
Produtos afetados
mitel:mivoice_connect
Fraquezas (CWE)
CWE-20CWE-20
Referencias
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002(cve@mitre.org)
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-29499(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.