Attacker Targets RCE Bug in Mitel MiVoice VoIP Appliances

An RCE zero-day in unpatched versions of a Linux-based Mitel VoIP application is the new threat to tens of thousands of devices, with most in the U.S. and U.K. The flaw occurs due to insufficient data validation for a diagnostic script, which allows remote and unauthorized attackers to add commands with specially crafted requests. Experts suggest admins apply the mitigations quickly.