{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-39286", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T18:02:06.906Z", "dateReserved": "2023-07-27T00:00:00", "datePublished": "2023-09-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-14T18:37:01.854767"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.906Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitel:connect_mobility_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "95732356-9292-4D88-9346-28F4328919ED", "versionEndExcluding": "9.6.2307.111", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Connect Mobility Router de Mitel MiVoice Connect hasta 9.6.2304.102 podr\u00eda permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validaci\u00f3n de la solicitud insuficiente. Un exploit exitoso podr\u00eda permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitir\u00eda modificar la configuraci\u00f3n del sistema."}], "id": "CVE-2023-39286", "lastModified": "2023-09-19T18:04:08.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-14T19:16:50.907", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}