Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jul 18, 2022

CVE-2022-29499

High
EPSS 88.6%CISA KEVRansomware
Mitel/MiVoice Connect

Description

The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.

EPSS — Exploit Probability

88.6%

Higher than 99.5% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2022-29499

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
88.6%
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

Jun 27, 2022

Added to KEV

Jun 27, 2022

Remediation Due

Jul 18, 2022

Affected Product

Mitel

MiVoice Connect

View all Mitel CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE