Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39293 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | |||||
| CVE-2023-39292 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | |||||
| CVE-2018-16226 | 1 Mitel | 1 Mivoice Office 400 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | |||||