The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.
References
| Link | Resource |
|---|---|
| https://www.mitel.com/support/security-advisories | Vendor Advisory |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 | Vendor Advisory |
| https://www.mitel.com/support/security-advisories | Vendor Advisory |
| https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41223 | US Government Resource |
Configurations
History
03 Nov 2025, 18:07
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | ||
| References | () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41223 - US Government Resource |
22 Oct 2025, 00:18
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 20:19
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 19:19
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Nov 2024, 07:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.mitel.com/support/security-advisories - Vendor Advisory | |
| References | () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 - Vendor Advisory |
Information
Published : 2022-11-22 01:15
Updated : 2025-11-03 18:07
NVD link : CVE-2022-41223
Mitre link : CVE-2022-41223
CVE.ORG link : CVE-2022-41223
JSON object : View
Products Affected
mitel
- mivoice_connect
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')