ID

VAR-202305-2357


CVE

CVE-2023-31459


TITLE

Vulnerability related to the password management function in Mitel Networks Corporation's MiVoice Connect

Trust: 0.8

sources: JVNDB: JVNDB-2023-007350

DESCRIPTION

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. Mitel Networks Corporation's MiVoice Connect contains a vulnerability related to the password management function. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-31459 // JVNDB: JVNDB-2023-007350 // VULMON: CVE-2023-31459

AFFECTED PRODUCTS

vendor: mitel, model: mivoice connect, scope: lte, version: 9.6.2208.101

Trust: 1.0

vendor: mitel, model: mivoice connect, scope: -, version: -

Trust: 0.8

vendor: mitel, model: mivoice connect, scope: lte, version: 9.6.2208.101 and earlier

Trust: 0.8

vendor: mitel, model: mivoice connect, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-007350 // NVD: CVE-2023-31459

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-31459
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202305-2165
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-31459
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-007350 // NVD: CVE-2023-31459 // CNNVD: CNNVD-202305-2165

PROBLEMTYPE DATA

problemtype: CWE-640

Trust: 1.0

problemtype: Weak Password Recovery Mechanism for Forgotten Password (CWE-640) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007350 // NVD: CVE-2023-31459

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202305-2165

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202305-2165

CONFIGURATIONS

sources: NVD: CVE-2023-31459

PATCH

title: Mitel MiVoice Connect Remediation measures for authorization problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240063

Trust: 0.6

sources: CNNVD: CNNVD-202305-2165

EXTERNAL IDS

db: NVD, id: CVE-2023-31459

Trust: 3.3

db: JVNDB, id: JVNDB-2023-007350

Trust: 0.8

db: CNNVD, id: CNNVD-202305-2165

Trust: 0.6

db: VULMON, id: CVE-2023-31459

Trust: 0.1

sources: VULMON: CVE-2023-31459 // JVNDB: JVNDB-2023-007350 // NVD: CVE-2023-31459 // CNNVD: CNNVD-202305-2165

REFERENCES

url:https://www.mitel.com/support/security-advisories

Trust: 2.5

url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0006

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-31459

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-31459/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-31459 // JVNDB: JVNDB-2023-007350 // NVD: CVE-2023-31459 // CNNVD: CNNVD-202305-2165

SOURCES

db: VULMON, id: CVE-2023-31459
db: JVNDB, id: JVNDB-2023-007350
db: NVD, id: CVE-2023-31459
db: CNNVD, id: CNNVD-202305-2165

LAST UPDATE DATE

2023-12-18T12:33:44.581000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-31459, date: 2023-05-25T00:00:00
db: JVNDB, id: JVNDB-2023-007350, date: 2023-11-21T08:08:00
db: NVD, id: CVE-2023-31459, date: 2023-06-01T16:10:15.467
db: CNNVD, id: CNNVD-202305-2165, date: 2023-06-02T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-31459, date: 2023-05-24T00:00:00
db: JVNDB, id: JVNDB-2023-007350, date: 2023-11-21T00:00:00
db: NVD, id: CVE-2023-31459, date: 2023-05-24T20:15:10.033
db: CNNVD, id: CNNVD-202305-2165, date: 2023-05-24T00:00:00