The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of two vulnerabilities that are being exploited in the wild. The vulnerabilities affect the Mitel MiVoice Connect business communications platform. The flaws have been added to the agency’s known exploited vulnerabilities catalog and federal agencies should address them before March 14.
The vulnerabilities can be exploited by an attacker with internal access to the target’s network. By leveraging the flaws, the attacker could execute arbitrary code or commands within the context of the application. Mitel informed customers about the flaws in October 2022. The company has also released a patch, and it is recommended to implement it immediately.
Read More: CISA Warns of Two Mitel Vulnerabilities Exploited in Wild