CISA Warns of Exploited Mitel MiVoice Connect Vulnerabilities

February 22, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that two vulnerabilities affecting the Mitel MiVoice Connect business communications platform have been exploited in the wild. CISA has added the flaws, tracked as CVE-2022-41223 and CVE-2022-40765, to its known exploited vulnerabilities catalog and instructed federal agencies to address them until March 14. Mitel informed customers about these security holes and the availability of patches in October 2022.

A researcher from cybersecurity firm CrowdStrike has been credited by Mitel for reporting the vulnerabilities. It’s possible that these newer vulnerabilities are related to the same attacks as a Mitel MiVoice Connect flaw previously seen being exploited in the wild by cybercriminals, tracked as CVE-2022-29499. In addition, Palo Alto Networks warned earlier this month that a Mirai variant called V3G4 has been targeting 13 vulnerabilities — including a Mitel flaw, CVE-2022-26143 — in an effort to ensnare IoT devices into a botnet. CISA has also warned organizations about CVE-2022-47986, a recently patched IBM Aspera Faspex bug that has been exploited in the wild.

Related News

• IBM Aspera Faspex Vulnerability Exploited in Attacks

Latest News

• VMware Issues Critical Fix for Vulnerability
• Exploiting Windows Backup and Restore Service Vulnerability
• Apple Updates Security Advisories to Add New iOS and macOS Vulnerabilities
• Critical Vulnerability in FortiNAC Exploited
• GoDaddy Discloses Series of Cyber Attacks