CVE-2022-29499 — Mitel MiVoice Connect

known ransomware use

Mitel MiVoice Connect Data Validation Vulnerability

Added to KEV

2022-06-27

Federal due date

2022-07-18

Vendor

Mitel

Product

MiVoice Connect

EPSS

99.5th percentile (score 0.886, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2022-29499

CISA short description

The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.