NVD disclosure day

Published threat advisories for November 22, 2022

CVE advisoryKnown Exploit

CVE-2022-41223

Mitel MiVoice Connect Code Injection Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the MiVoice Connect Director database component allows an authenticated attacker to inject code. This could lead to unauthorized access and disruption of services. Affected organizations should apply vendor updates to mitigate business risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2022-40765

Mitel MiVoice Connect Command Injection Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An authenticated attacker with internal network access can exploit a command injection vulnerability in Mitel MiVoice Connect. This could result in unauthorized command execution, impacting affected systems and potentially leading to data compromise or disruption. The business risk necessitates prompt attention to miti

NVD published: • CISA KEV