VYPR
← All advisories
Unrated severityNVD Advisory· Published May 24, 2023· Updated Jan 31, 2025

CVE-2023-31458

CVE-2023-31458

Description

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

MiVoice Connect Edge Gateway default password allows unauthenticated internal attacker to gain admin privileges and execute arbitrary commands.

Vulnerability

A default password vulnerability exists in the Edge Gateway component of Mitel MiVoice Connect. Versions 19.3 SP2 (22.24.1500.0) and earlier do not enforce a password change during initial installation, leaving the device with known default credentials. An unauthenticated attacker with internal network access can exploit this to gain administrative privileges. [2]

Exploitation

An attacker with internal network access can connect to the Edge Gateway and use the default credentials to authenticate. No prior authentication or user interaction is required. The attacker can then perform administrative actions such as modifying configuration or executing commands. [2]

Impact

Successful exploitation grants the attacker full administrative privileges, allowing arbitrary configuration changes and remote command execution on the affected device. This can lead to complete compromise of the Edge Gateway and potentially the broader network. [2]

Mitigation

Mitel has released updated software versions that address this vulnerability. Customers should update to the latest release and enforce complex passwords for all Edge Gateway accounts. As a workaround, ensure that default credentials are changed immediately after installation. [2]

References
  1. Mitel Product Security Advisory 23-0005

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.