CVE-2023-39286— Mitel Connect Mobility Router 跨站请求伪造漏洞

N/A

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

N/A

N/A

Mitel Connect Mobility Router 跨站请求伪造漏洞

Mitel Connect（Mitel ShoreTel）是加拿大敏迪（Mitel）公司的一款用于办公沟通的软件。该软件可访问企业联系人、支持选择联系人开启会议、支持界面管理通话和语音邮件。 Mitel Connect Mobility Router 9.6.2304.102及之前版本存在安全漏洞，该漏洞源于请求验证不足，可能允许未经身份验证的攻击者执行跨站请求伪造 (CSRF) 攻击，攻击者利用该漏洞可以修改系统配置设置。

N/A

N/A