CVE-2023-39288
Description
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command argument injection in the Mitel MiVoice Connect Mobility Router (through 9.6.2304.102) could allow authenticated attackers to access network information and generate excessive traffic.
Vulnerability
A command argument injection vulnerability exists in the Connect Mobility Router component of Mitel MiVoice Connect through version 9.6.2304.102. The flaw arises from insufficient parameter sanitization, allowing an authenticated attacker with elevated privileges and internal network access to inject command arguments into a router function [1][2].
Exploitation
An attacker must be authenticated with elevated privileges and have internal network access to the affected device. The attacker can then send specially crafted requests containing injected command arguments to the Mobility Router; no additional user interaction or race condition is required [1][2].
Impact
Successful exploitation permits the attacker to access network information and to generate excessive network traffic, potentially leading to denial-of-service conditions or information disclosure. The compromise is limited to the scope of the router process and does not directly provide root-level access on the host system [1][2].
Mitigation
Mitel has released updated software to address the vulnerability. Customers are advised to update their MiVoice Connect installation to the latest version (post 9.6.2304.102) as recommended in Mitel Product Security Advisory 23-0011. No workaround is documented; the sole recommended action is to apply the software update [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mitel/MiVoice Connect
- Range: <=9.6.2304.102
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.