{"api_version":"1","generated_at":"2026-04-22T23:31:16+00:00","cve":"CVE-2023-31457","urls":{"html":"https://cve.report/CVE-2023-31457","api":"https://cve.report/api/cve/CVE-2023-31457.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-31457","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-31457"},"summary":{"title":"CVE-2023-31457","description":"A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-05-24 20:15:00","updated_at":"2023-06-01 02:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.mitel.com/support/security-advisories","name":"https://www.mitel.com/support/security-advisories","refsource":"MISC","tags":[],"title":"Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004","refsource":"MISC","tags":[],"title":"Mitel Product Security Advisory 23-0004","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-31457","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31457","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"31457","vulnerable":"1","versionEndIncluding":"22.24.1500.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"mivoice_connect","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-31457","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.mitel.com/support/security-advisories","refsource":"MISC","name":"https://www.mitel.com/support/security-advisories"},{"refsource":"MISC","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004","url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004"}]}},"nvd":{"publishedDate":"2023-05-24 20:15:00","lastModifiedDate":"2023-06-01 02:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*","versionEndIncluding":"22.24.1500.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}