SB2023011908 - Local File Inclusion in Mitel MiContact Center Business

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023011908

SB2023011908 - Local File Inclusion in Mitel MiContact Center Business

Published: January 19, 2023

Security Bulletin ID SB2023011908
Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Information disclosure (CVE-ID: CVE-2023-22854)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient restriction of URL parameters in the ccmweb component. A remote attacker can download arbitrary files and access to sensitive information.


Remediation

Install update from vendor's website.

References