CVE-2022-40765
Published: 22 November 2022
Summary
CVE-2022-40765 is a medium-severity Command Injection (CWE-77) vulnerability in Mitel MiVoice Connect. Its CVSS base score is 6.8 (Medium).
Operationally, it ranks in the top 13.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Deeper analysis
A command-injection vulnerability exists in the Edge Gateway component of Mitel MiVoice Connect releases through 19.3 (22.22.6100.0). The flaw stems from insufficient validation of URL parameters and is tracked as CWE-77. An authenticated attacker on the adjacent network can supply crafted input that results in arbitrary command execution on the affected gateway.
Successful exploitation fully compromises the confidentiality, integrity, and availability of the target component. The CVSS 3.1 score of 6.8 reflects the requirement for high-privileged internal access, with no user interaction needed, and high impact once the injection succeeds.
Mitel has published security advisory 22-0007 detailing the issue and directing customers to apply vendor-supplied updates. The vulnerability also appears in the CISA Known Exploited Vulnerabilities catalog, confirming observed exploitation in the wild.
The associated EPSS score remains low, with a recorded peak of 0.0404.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44031
Vulnerability details
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.
- CWE(s): CWE-77
- KEV Date Added: 21 February 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires validation and sanitization of URL parameters to block command-injection payloads before they reach the Edge Gateway.
Enforces access-control decisions on supplied parameters so that only permitted actions are executed by the authenticated session.
Limits the privileges available to the authenticated internal user, reducing the scope of commands that can be injected via the vulnerable parameters.