CVE-2023-39286 (connect_mobility_router)

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.

attack attacker configuration connect csrf cve exploit forgery mitel mivoice mobility request router settings system unauthenticated url validation vulnerability