Mitel Product Security Advisory 22-0002

MiVoice Connect Data Validation Vulnerability

Advisory ID: 22-0002

Publish Date: 2022-04-19

Last Updated: 2022-04-21

Revision: 2.0

 

Summary

A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the context of the Service Appliance.

This vulnerability was privately reported to Mitel.

Mitel is recommending customers with affected product versions apply the available remediation.

Credit is given to Patrick Bennett of CrowdStrike for highlighting the issue and bringing to our attention.

 

Affected Products

 

Risk Assessment

The risk of this vulnerability is rated as Critical.

The vulnerability relates exclusively to deployments that include MiVoice Connect Service Appliances, SA 100, SA 400 and/or Virtual SA.

Refer to the product Security Bulletin ID: 22-0002-001 for additional statements regarding risk.

 

Mitigation / Recommended Action

Mitel has provided a script for remediation. Customers are advised to apply the available remediation.

Customers are advised to review the product Security Bulletin ID: 22-0002-001. For additional information, contact Product Support.

 

Related CVEs / CWEs / Advisories

CVE-2022-29499

 

Revision History

Version Date Description
1.0 2022-04-19 Initial version
2.0 2022-04-21 Updated product bulletin with revised Mitel Knowledge Base link
Är du redo att prata med en säljare? Kontakta oss.