CVE-2023-39289
Description
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can enumerate accounts on Mitel MiVoice Connect Mobility Router through 9.6.2208.101, leading to system information disclosure.
Vulnerability
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through version 9.6.2208.101 allows an unauthenticated attacker to enumerate valid accounts due to improper configuration. This information disclosure issue is identified in advisory 23-0011 [2].
Exploitation
An attacker with network access to the device can send crafted requests to enumerate usernames without any authentication required. No user interaction is needed. The exact steps are not detailed, but the vulnerability relies on the improper configuration of the Mobility Router, as noted in the advisory [2].
Impact
Successful exploitation allows the attacker to obtain system information, specifically valid account names, which could aid in further attacks such as brute force or targeted phishing. The risk is rated as medium [2].
Mitigation
Mitel has released software version 9.6.2304.102 which fixes this vulnerability. Customers are advised to update to the latest release. No workaround is provided. The advisory recommends contacting Product Support for additional information [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Mitel/MiVoice Connectdescription
- Range: <=9.6.2208.101
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.