Unpatched versions of a Linux-based Mitel VoIP (Voice over Internet Protocol) application are being exploited by ransomware gangs as a launchpad to install malware on targeted devices.
The critical Remote Code Execution (RCE) flaw, tracked as CVE-2022-29499, was discovered as a zero-day vulnerability by CrowdStrike in April and has since been patched. Business phone systems and Unified Communication as a Service (UCaaS) are two services that Mitel is well known for offering to various types of enterprises. Researchers warn that threat actors are gaining initial access to victims' environments using a novel remote code execution attack.
The SA 100, SA 400, and Virtual SA Mitel MiVoice appliances are all impacted, according to CrowdStrike.