New CVE - Security Vulnerabilities in MiVoice Office 400 SMB Controller

Aug 14, 2023

MiVoice Office 400 SMB Controller is an essential component used by businesses to manage their communication infrastructure. However, recent CVEs highlight new security vulnerabilities identified in this system.

1. CVE-2023-39293: Command Injection Vulnerability

This security vulnerability has been identified in MiVoice Office 400 SMB Controller versions up to 1.2.5.23. Attackers can exploit this vulnerability to manipulate commands within the system and inject arbitrary commands. This can allow attackers to impersonate authorized users within the system, potentially leading to taking control of the device.
The risk of this vulnerability goes beyond unauthorized access. Attackers can potentially access all data within the system, modify settings, and even disable the system using malicious commands. This can endanger business continuity and lead to sensitive data leaks.

2. CVE-2023-39292: SQL Injection Vulnerability

Present in the same versions of MiVoice Office 400 SMB Controller, this vulnerability exposes sensitive data to SQL injection attacks. Attackers can use this vulnerability to inject malicious SQL queries into the database. Such an attack can provide unauthorized access to data within the system and result in severe consequences, including deleting, altering, or stealing data from the database.
Exploiting this vulnerability can put sensitive business data at risk, violate legal and regulatory requirements, and endanger business continuity.

3. CVE-2023-32748: Unauthorized Script Execution Vulnerability

Versions of MiVoice Connect up to 19.3 SP2 (22.24.1500.0) have a vulnerability that allows an unauthorized attacker with internal network access to execute malicious scripts. This security vulnerability arises due to inadequate access controls, allowing attackers to execute malicious scripts to impact the system.
As a result of such an attack, the attacker can disable the system, cause data damage, and even jeopardize business continuity.

These security vulnerabilities underscore the potential threat MiVoice Office 400 SMB Controller poses to businesses. Therefore, system administrators and security professionals should take the necessary measures to address these vulnerabilities. Among these measures are regular updates, tightening access controls, and configuring security firewalls effectively.

Source: MITRE

NVD Published Date: 08/14/2023

NVD Last Modified: 08/14/2023

CVE-2023-39293: Command Injection Vulnerability

CVE-2023-39292: SQL Injection Vulnerability

CVE-2023-32748: Unauthorized Script Execution Vulnerability

CVE - Released 14 august 2023 List in Our Forum

Trending

The Silent Threat in Systems: Two New Vulnerabilities in Tenable Network Monitor

2025 Vulnerabilities in Real Estate Software

Critical Security Vulnerabilities in Dell ControlVault3 Firmware

Remote Code Execution in EV Charging Stations

Server-Side Request Forgery (SSRF) Vulnerability in SmartRobot by INTUMIT

Critical CSRF Vulnerability in Siemens SIMATIC S7-1200 PLCs: Exploitation and Defense

Prisma Access Browser Security Update: Take Action to Address Critical Vulnerabilities

New CVE - Security Vulnerabilities in MiVoice Office 400 SMB Controller

New CVE - Security Vulnerabilities in MiVoice Office 400 SMB Controller

Post a Comment

İletişim Formu