CISA Warns of Exploited Mitel MiVoice Connect Vulnerabilities
February 22, 2023
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that two vulnerabilities affecting the Mitel MiVoice Connect business communications platform have been exploited in the wild. CISA has added the flaws, tracked as CVE-2022-41223 and CVE-2022-40765, to its known exploited vulnerabilities catalog and instructed federal agencies to address them until March 14. Mitel informed customers about these security holes and the availability of patches in October 2022.
A researcher from cybersecurity firm CrowdStrike has been credited by Mitel for reporting the vulnerabilities. It’s possible that these newer vulnerabilities are related to the same attacks as a Mitel MiVoice Connect flaw previously seen being exploited in the wild by cybercriminals, tracked as CVE-2022-29499. In addition, Palo Alto Networks warned earlier this month that a Mirai variant called V3G4 has been targeting 13 vulnerabilities — including a Mitel flaw, CVE-2022-26143 — in an effort to ensnare IoT devices into a botnet. CISA has also warned organizations about CVE-2022-47986, a recently patched IBM Aspera Faspex bug that has been exploited in the wild.
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.