CVE-2023-31457
Description
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper access control vulnerability in Mitel MiVoice Connect Headquarters server allows an unauthenticated attacker with internal network access to execute arbitrary scripts.
Vulnerability
An improper access control vulnerability exists in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier, as well as in the Windows DVS and Linux DVS server components [2]. The vulnerability allows an unauthenticated attacker with internal network access to execute arbitrary scripts on the affected systems [2].
Exploitation
An unauthenticated attacker with internal network access can exploit the improper access control to execute arbitrary scripts on the Headquarters server component [2]. No authentication or user interaction is required for exploitation [2].
Impact
Successful exploitation allows an attacker to execute arbitrary scripts, potentially leading to full compromise of the affected system, including data disclosure, modification, or denial of service [2].
Mitigation
Mitel has released software updates to address this vulnerability. Customers are advised to upgrade to the latest version of MiVoice Connect [2]. No workarounds are available at this time [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Mitel/MiVoice Connectdescription
- Range: <=19.3 SP2 (22.24.1500.0)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.