Mitel Product Security Advisory 22-0001

Mitel Product Security Advisory 22-0001

MiCollab, MiVoice Business Express Access Control Vulnerability

Advisory ID: 22-0001

Publish Date: 2022-02-22

Last Updated: 2022-03-11

Revision: 2.0

Summary

A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. If exploited with a denial of service attack, the impacted system may cause significant outbound traffic impacting availability of other services.

Affected Products

Product NameProduct VersionSecurity BulletinLast Updated
Mitel MiCollabPrior to and including R9.4SP122-0001-0012022-02-22
MiVoice Business ExpressPrior to and including R8.122-0001-0022022-02-22

Risk Assessment

The risk of this vulnerability is rated as critical for MiCollab deployments in Server-Gateway mode without firewall protection. The severity is rated high for MiCollab deployments on protected internal networks. Refer to the product Security Bulletin(s) for additional statements regarding risk.

Mitigation / Recommended Action

N/A

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2022-26143

Revision History

VersionDateDescription
1.02022-02-22Initial version
2.02022-03-11Added CVE Identifier

Stay One Step Ahead Get notifications of the latest security advisories sent right to your inbox every week!