HTTP: MiVoice Connect Command Injection
his signature detects attempts to exploit a known vulnerability against MiVoice Connect. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
Affected Products
Mitel mivoice_connect
References
CVE: CVE-2022-29499
Short Name
HTTP:CTS:MIVOICECONNECT-CMD-INJ
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-29499 Command Connect Injection MiVoice
Release Date
04/28/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3803
False Positive
Unknown
Vendors
Mitel