Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

Published

2022-04-26T02:15:37.107

Last Modified

2025-03-14T20:00:30.290

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-20
  • Type: Secondary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mitel mivoice_connect ≤ 22.20.2300.0 Yes
References