CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The...

Basic Information

CVE State: PUBLISHED
Reserved Date: April 19, 2022
Published Date: April 26, 2022
Last Updated: January 29, 2025
Vendor: n/a
Product: n/a
Description: The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-06-27 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-06-27 00:00:00 UTC) Source

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-06-27 00:00:00 UTC