Mitel Vulnerability – CVE-2022-31784
In early June Mitel released details of a vulnerability under security bulletin 22-0005-001.
This has been assigned CVE-2022-31784, with a critical rating of 9.8 out of 10.0, Mitel state this risk is high for systems with appropriately controlled management access.
This vulnerability was reported privately to Mitel who have provided updates to the affected products, at the time of writing there are no details of a public exploit, or exploitation.
Affected products include MiVoIce Business and MiVoIce Business Express.
Product Name | Product Version |
MiVoice Business | Prior to and including 9.3.0.27 |
MiVoice Business Express | Prior to and including 8.1.2.801 |
The vulnerability affects the management interface of these platforms and can enable a malicious entity to compromise an affected device.
Mitel have provided updates and guidance for mitigating this issue, along with remediation scripts.
Daisy’s support teams are ensuring any affected equipment has been appropriately resolved, if you have any concerns or you require assistance on this matter, please contact Daisy via our Service Desk team on 0330 024 3333 or our Customer Portal.
If you are responsible for any affected devices, please refer to Mitel’s guidance within the advisory below.
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0005