27 June 2022

Mitel MiVoice Connect zero-day vulnerability used by ransomware operators

Cybersecurity researchers are warning about a zero-day vulnerability in the Mitel MiVoice Connect product that is being actively exploited in the wild by at least one ransomware gang.

Mitel MiVoice Connect is a voice over IP (VoIP) business phone system used by organizations for their telephony services.

According to a recent report by CrowdStrike researchers, a threat actor used the critical remote code execution vulnerability CVE-2022-29499 in Mitel MiVoice Connect to gain initial access to a CrowdStrike customer's network. The actor is believed to be a ransomware operator, although CrowdStrike did not attribute the attack to a specific ransomware operation. The intrusion was detected and contained before any encryption took place.

The vulnerability resides in the Mitel Service Appliance component of MiVoice Connect, which is used in the SA 100, SA 400, and Virtual SA products. Using this flaw, a remote attacker can execute arbitrary shell commands on the target system.

The vulnerability is caused by improper input validation in the Mitel Service Appliance component. A remote, unauthenticated attacker can send a specially crafted HTTP GET request to the application and execute arbitrary OS commands on the target system. Successful exploitation may result in complete compromise of the vulnerable system.
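The pattern described above, as an added illustration that is not Mitel's code and is not taken from the CrowdStrike report: a constructed web handler that concatenates a GET parameter into a shell command line, beside a hardened version that validates the parameter against an allowlist and executes the command without a shell. The `/diag?host=` endpoint, the use of `echo` as a harmless stand-in for a real diagnostic tool, and the crafted request are all assumptions made for this example.

```python
"""OS command injection through an unvalidated HTTP GET parameter.

Constructed example: the handlers below are NOT Mitel's code. They stand in
for any web endpoint that hands a query parameter to a shell. `echo` is used
as a harmless stand-in for the diagnostic tool a real appliance would run.
"""
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Allowlist for a host parameter: dotted IPv4 or a DNS name. Anything else
# (spaces, ';', '|', '$(', backticks, newlines) is rejected before any exec.
HOST_RE = re.compile(
    r"^(?:\d{1,3}(?:\.\d{1,3}){3}"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)$"
)


def host_param(request_target: str) -> str:
    """Extract ?host=... from a request target such as '/diag?host=1.2.3.4'.

    parse_qs percent-decodes the value, so %3B becomes ';' and %20 a space,
    exactly as a server-side framework would hand it to the handler.
    """
    qs = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    values = qs.get("host", [])
    if len(values) != 1:
        raise ValueError("exactly one host parameter expected")
    return values[0]


def handle_vulnerable(request_target: str) -> str:
    """Vulnerable pattern: user input concatenated into a shell command line.

    A ';' in the parameter terminates the intended command and the shell runs
    whatever follows it with the web server's privileges.
    """
    host = host_param(request_target)
    cmd = "echo " + host  # a real appliance might build "ping -c 1 " + host
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def handle_hardened(request_target: str) -> str:
    """Hardened pattern: allowlist validation, then exec with no shell at all.

    Passing an argument list keeps the parameter a single argv entry even if
    validation were ever loosened; the two defenses are independent.
    """
    host = host_param(request_target)
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    out = subprocess.run(["echo", host], capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    benign = "/diag?host=127.0.0.1"
    # Constructed attacker request: the encoded ';' ends `echo` and starts a
    # second command that the vulnerable handler executes.
    crafted = "/diag?host=127.0.0.1%3B%20echo%20INJECTED"

    print(handle_vulnerable(benign), end="")   # 127.0.0.1
    print(handle_vulnerable(crafted), end="")  # 127.0.0.1 then INJECTED
    print(handle_hardened(benign), end="")     # 127.0.0.1
    try:
        handle_hardened(crafted)
    except ValueError as err:
        print("hardened handler:", err)
```

The hardened handler refuses the crafted value before anything is executed, and even a value that slipped past the regex could not spawn a second command because no shell parses it. Rejecting on validation failure rather than "cleaning" the value is deliberate: escaping is easy to get wrong, an allowlist is not.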

Mitel has not released a patched software version for this vulnerability, but did address it in April by publishing a remediation script for MiVoice Connect versions 19.2 SP3 and earlier and R14.x and earlier. Organizations running affected versions should apply the script to their Service Appliances and review the appliances' web logs for unexpected GET requests.
