CVE-2023-39291
Description
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An information disclosure vulnerability in MiVoice Connect Mobility Router allows authenticated attackers with elevated privileges to view system information due to improper configuration, affecting versions through 9.6.2304.102.
Vulnerability
An information disclosure vulnerability exists in the Connect Mobility Router component of MiVoice Connect through version 9.6.2304.102 [2]. This is due to improper configuration, allowing an authenticated attacker with elevated privileges to access system information.
Exploitation
An attacker must be authenticated with elevated privileges on the affected system. No additional user interaction is required. The attacker can leverage the improper configuration to view system information, such as configuration details or sensitive data.
Impact
Successful exploitation results in unauthorized disclosure of system information, compromising confidentiality. The attacker already has elevated privileges, so no privilege escalation occurs, but sensitive data may be exposed.
Mitigation
Mitel has released software updates to address this vulnerability [2]. Customers are advised to update their MiVoice Connect installations to the latest version. No workarounds have been provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Mitel/MiVoice Connectdescription
- Range: <= 9.6.2304.102
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.