CISA Warns of Exploited Mitel MiVoice Connect Vulnerabilities

February 22, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that two vulnerabilities affecting the Mitel MiVoice Connect business communications platform have been exploited in the wild. CISA has added the flaws, tracked as CVE-2022-41223 and CVE-2022-40765, to its known exploited vulnerabilities catalog and instructed federal agencies to address them until March 14. Mitel informed customers about these security holes and the availability of patches in October 2022.

A researcher from cybersecurity firm CrowdStrike has been credited by Mitel for reporting the vulnerabilities. It’s possible that these newer vulnerabilities are related to the same attacks as a Mitel MiVoice Connect flaw previously seen being exploited in the wild by cybercriminals, tracked as CVE-2022-29499. In addition, Palo Alto Networks warned earlier this month that a Mirai variant called V3G4 has been targeting 13 vulnerabilities — including a Mitel flaw, CVE-2022-26143 — in an effort to ensnare IoT devices into a botnet. CISA has also warned organizations about CVE-2022-47986, a recently patched IBM Aspera Faspex bug that has been exploited in the wild.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.