CVE-2023-22854

7.5 HIGH

📋 TL;DR

This vulnerability in Mitel MiContact Center Business server allows unauthenticated attackers to download arbitrary files from the system by manipulating URL parameters in the ccmweb component. It affects versions 9.2.2.0 through 9.4.1.0, potentially exposing sensitive information like configuration files, credentials, or customer data.

💻 Affected Systems

Products:
  • Mitel MiContact Center Business server
Versions: 9.2.2.0 through 9.4.1.0
Operating Systems: Windows Server (typically)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the ccmweb component specifically; requires network access to the vulnerable service.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through retrieval of sensitive files containing credentials, configuration secrets, or customer data, leading to data breach, privilege escalation, or lateral movement.

🟠 Likely Case

Unauthenticated attackers download sensitive configuration files, logs, or customer data, potentially exposing PII, business secrets, or enabling further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to vulnerable systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves simple URL parameter manipulation; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.4.2.0 or later

Vendor Advisory: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0001

Restart Required: Yes

Instructions:

1. Download the patch from the Mitel support portal.
2. Back up the system.
3. Apply the patch following vendor instructions.
4. Restart the server.
5. Verify the fix.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to the ccmweb service using firewall rules to only trusted IPs.

Web Application Firewall (applies to: all)

Deploy WAF with rules to block suspicious URL parameter patterns.

🧯 If You Can't Patch

  • Isolate the server in a segmented network with strict access controls.
  • Monitor logs for unusual file access patterns and implement intrusion detection.

🔍 How to Verify

Check if Vulnerable:

Check server version via admin interface or system properties; if between 9.2.2.0 and 9.4.1.0, assume vulnerable.

Check Version:

Check via Mitel admin console or system info; no universal CLI command.

Verify Fix Applied:

Verify version is 9.4.2.0 or later and test URL parameter manipulation attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file download requests in web server logs, especially with manipulated parameters.

Network Indicators:

  • HTTP requests to ccmweb with suspicious file paths in parameters.

SIEM Query:

web_logs WHERE url CONTAINS 'ccmweb' AND (url CONTAINS '../' OR url CONTAINS 'file=') AND response_code = 200
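As an added defender-side example (not from the advisory or from Mitel), the same logic as the SIEM query above applied in Python to a few constructed web-server log lines; the log lines, IPs and file names are assumptions, and the check decodes percent-encoding first so that encoded `../` is not missed:

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format) for illustration;
# not real traffic. Hosts, paths and parameter values are assumptions.
SAMPLE_LOGS = """\
10.0.0.5 - - [01/Feb/2023:10:00:01 +0000] "GET /ccmweb/index.html HTTP/1.1" 200 5120
10.0.0.9 - - [01/Feb/2023:10:00:02 +0000] "GET /ccmweb/download?file=../../config.xml HTTP/1.1" 200 2048
10.0.0.9 - - [01/Feb/2023:10:00:03 +0000] "GET /ccmweb/download?file=..%2F..%2Fweb.config HTTP/1.1" 200 1800
10.0.0.9 - - [01/Feb/2023:10:00:04 +0000] "GET /ccmweb/download?file=../secret.txt HTTP/1.1" 404 300
10.0.0.7 - - [01/Feb/2023:10:00:05 +0000] "GET /other/app?file=report.pdf HTTP/1.1" 200 900
"""

# Minimal combined-log-format parser: client IP, timestamp, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious(url: str) -> bool:
    """Mirror the SIEM query: a ccmweb URL containing '../' or a 'file=' parameter.

    The URL is percent-decoded twice before matching so that single- or
    double-encoded traversal sequences still trigger the rule.
    """
    decoded = unquote(unquote(url))
    if "ccmweb" not in decoded.lower():
        return False
    return "../" in decoded or "file=" in decoded.lower()


def find_hits(log_text: str, only_successful: bool = True):
    """Return (ip, timestamp, url) for matching requests.

    With only_successful=True the filter matches the query's response_code = 200;
    setting it False also surfaces failed attempts, which are still useful
    evidence that someone is probing the service.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if only_successful and m["status"] != "200":
            continue
        if is_suspicious(m["url"]):
            hits.append((m["ip"], m["ts"], m["url"]))
    return hits


if __name__ == "__main__":
    for ip, ts, url in find_hits(SAMPLE_LOGS):
        print(f"{ts} {ip} {url}")
```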
