CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.

An attacker could send malicious voice messages to an endpoint and cause it to crash. Mi Voice Connect through 19.3 (22.22.6100.0) does not strictly validate the data type of the input data before sending it to the database.

Therefore, an attacker can send specially crafted data to the Director database component through the malicious voice messages. An attacker can send malicious voice messages to an endpoint and cause it to crash. Mi Voice Connect through 19.3 (22.22.6100.0) does not strictly validate the data type of the input data before sending it to the database. Therefore, an attacker can send specially crafted data to the Director database component through the malicious voice messages. An attacker can exploit this vulnerability to send a malicious voice message to the Director and cause it to crash. An attacker can send a malicious voice message to the Director through the malicious voice message. An attacker can exploit this vulnerability to send a malicious voice message to the Director and cause it to crash. Mi Voice Connect through 19.3 (22.22.6100.0) does not strictly validate the data type of the input data before sending it to the database. Therefore, an attacker can send specially crafted data to the Director database component through the malicious voice messages. An attacker can exploit this vulnerability to send a malicious voice message to the Director and cause it to crash

Impact

An attacker can send malicious voice messages to an endpoint and cause it to crash. Mi Voice Connect through 19.3 (22.22.6100.0) does not strictly validate the data type of the input data before sending it to the database. Therefore, an attacker can send specially crafted data to the Director database component through the malicious voice messages. An attacker can exploit this vulnerability to send a malicious voice message to the Director and cause it to crash
An attacker can send a malicious voice message to the Director through the malicious voice message. An attacker can exploit this vulnerability to send a malicious voice message to the Director and cause it to crash
Mi Voice Connect through 19.3 (22.22.6100.0) does not strictly validate the data type of the input data before sending it to the database. Therefore, an attacker can send specially crafted data to the Director database component through the malicious voice messages.

Vulnerability details

An attacker could send malicious voice messages to an endpoint and cause it to crash. Mi Voice Connect through 19.3 (22.22.6100.0) does not strictly validate the data type of the input data before sending it to the database. Therefore, an attacker can send specially crafted data to the Director database component through the malicious voice messages.

Timeline

Published on: 11/22/2022 01:15:00 UTC
Last modified on: 11/26/2022 03:25:00 UTC

References

• https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008
• https://www.mitel.com/support/security-advisories
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41223