CVE-2023-22854

high

Description

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001

https://www.mitel.com/support/security-advisories

Details

Source: Mitre, NVD

Published: 2023-02-13

Updated: 2023-02-23

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N