CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The...

Basic Information

CVE State: PUBLISHED
Reserved Date: April 19, 2022
Published Date: April 26, 2022
Last Updated: January 29, 2025
Vendor: n/a
Product: n/a
Description: The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2022-06-27 00:00:00 UTC) Source
Used in Malware: Yes (added 2022-06-27 00:00:00 UTC) Source

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-06-27 00:00:00 UTC

Timeline

CVE ID Reserved

April 19, 2022
CVE Published to Public

April 26, 2022
Exploit Used in Malware

June 27, 2022
Added to KEVIntel

June 27, 2022