"CISA Adds IBM Aspera Faspex and Mitel MiVoice to Known Exploited Vulnerabilities Catalog"
The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has added actively exploited vulnerabilities in IBM Aspera Faspex and Mitel MiVoice to its Known Exploited Vulnerabilities (KEV) Catalog. The code execution vulnerability in IBM Aspera Faspex allows a remote attacker to execute arbitrary code on the system. The flaw stems from an issue with YAML deserialization. A code injection vulnerability in Mitel MiVoice Connect could allow an authenticated attacker with access to the internal network to execute code within the context of the application. According to researchers, the Mitel Edge Gateway component of MiVoice Connect enables an authenticated attacker with internal network access to execute commands within the system's context. This article continues to discuss the actively exploited flaws found in IBM Aspera Faspex and Mitel MiVoice that have been added to CISA's KEV Catalog.