{"api_version":"1","generated_at":"2026-04-23T01:14:54+00:00","cve":"CVE-2023-32748","urls":{"html":"https://cve.report/CVE-2023-32748","api":"https://cve.report/api/cve/CVE-2023-32748.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-32748","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-32748"},"summary":{"title":"CVE-2023-32748","description":"The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-08-14 18:15:00","updated_at":"2023-08-22 15:06:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://www.mitel.com/support/security-advisories","name":"https://www.mitel.com/support/security-advisories","refsource":"MISC","tags":[],"title":"Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004","refsource":"MISC","tags":[],"title":"Mitel Product Security Advisory 23-0004","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-32748","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32748","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"32748","vulnerable":"1","versionEndIncluding":"22.24.1500.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mitel","cpe5":"mivoice_connect","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-32748","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.mitel.com/support/security-advisories","refsource":"MISC","name":"https://www.mitel.com/support/security-advisories"},{"refsource":"MISC","name":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004","url":"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004"}]}},"nvd":{"publishedDate":"2023-08-14 18:15:00","lastModifiedDate":"2023-08-22 15:06:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*","versionEndIncluding":"22.24.1500.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}