CVE-2022-41223 — Mitel MiVoice Connect Code Injection Vulnerability

CVE-2022-41223

Mitel MiVoice Connect Director — Authenticated Code Injection Exploited Alongside CVE-2022-40765 in Ransomware Campaigns

What is Mitel MiVoice Connect?

Mitel MiVoice Connect is an enterprise unified communications platform. The Director component is the central management server for the MiVoice Connect system, controlling configuration, users, and system-wide settings. See also CVE-2022-40765 for the related command injection vulnerability in the Edge Gateway component. Both CVEs were added to the CISA Known Exploited Vulnerabilities (KEV) catalog on the same day following ransomware exploitation.

Overview

CVE-2022-41223 is a code injection vulnerability (CWE-94) in the Director component of Mitel MiVoice Connect. An authenticated attacker with internal network access can inject and execute code within the application context of the Director. Combined with CVE-2022-40765, this provides threat actors with multiple execution vectors across the MiVoice Connect platform.

Affected Versions

| Product | Vulnerable | Fixed |
|---|---|---|
| MiVoice Connect | ≤ 19.3 SP2 (22.24.1500.0) | 19.3 SP3 |

Technical Details

The Director component does not properly validate or sanitize user-supplied input before incorporating it into code execution paths (CWE-94). An authenticated admin-level attacker on the internal network can inject malicious code that executes within the Director's application context.

  • Attack vector: Adjacent — internal network access required
  • Authentication required: High — admin-level MiVoice credentials
  • Impact: Code execution within the Director application context
  • Combined exploitation: Used alongside CVE-2022-40765 (Edge Gateway command injection) to achieve broader compromise of the MiVoice Connect infrastructure

Discovery

Reported to Mitel via coordinated disclosure.

Exploitation Context

Confirmed ransomware exploitation; added to KEV February 2023. Threat actors used MiVoice Connect vulnerabilities to establish a foothold in enterprise telephony infrastructure before pivoting to broader network compromise and ransomware deployment.

Remediation

  1. Upgrade MiVoice Connect to version 19.3 SP3 or later
  2. Restrict Director management interface access to trusted administrator IPs only
  3. Rotate all administrative credentials for MiVoice Connect
  4. Review Director logs for unauthorized access or unexpected code execution

Key Details

| Property | Value |
|---|---|
| CVE ID | CVE-2022-41223 |
| Vendor / Product | Mitel — MiVoice Connect |
| NVD Published | 2022-11-22 |
| NVD Last Modified | 2025-11-03 |
| CVSS 3.1 Score | 6.8 |
| CVSS 3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Severity | MEDIUM |
| CWE | CWE-94 |
| CISA KEV Added | 2023-02-21 |
| CISA KEV Deadline | 2023-03-14 |
| Known Ransomware Use | ⚠️ Yes |

CVSS 3.1 Breakdown

| Metric | Value |
|---|---|
| Attack Vector | Adjacent |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |

Required Action

CISA BOD 22-01 Deadline: 2023-03-14. Apply updates per vendor instructions.

Timeline

| Date | Event |
|---|---|
| 2022-11-22 | Mitel publishes security advisory; CVE published |
| 2023-02-21 | Added to CISA Known Exploited Vulnerabilities catalog (alongside CVE-2022-40765) |
| 2023-03-14 | CISA BOD 22-01 remediation deadline |

References

| Resource | Type |
|---|---|
| Mitel Security Advisory MSA-22-0008 | Vendor Advisory |
| NVD — CVE-2022-41223 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |