Mitel Product Security Advisory 22-0001
Mitel Product Security Advisory 22-0001
MiCollab, MiVoice Business Express Access Control Vulnerability
Advisory ID: 22-0001
Publish Date: 2022-02-22
Last Updated: 2022-03-11
Revision: 2.0
Summary
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. If exploited with a denial of service attack, the impacted system may cause significant outbound traffic impacting availability of other services.
Affected Products
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| Mitel MiCollab | Prior to and including R9.4SP1 | 22-0001-001 | 2022-02-22 |
| MiVoice Business Express | Prior to and including R8.1 | 22-0001-002 | 2022-02-22 |
Risk Assessment
The risk of this vulnerability is rated as critical for MiCollab deployments in Server-Gateway mode without firewall protection. The severity is rated high for MiCollab deployments on protected internal networks. Refer to the product Security Bulletin(s) for additional statements regarding risk.
Mitigation / Recommended Action
N/A
External References
N/A
Related CVEs / CWEs / Advisories
CVE-2022-26143
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2022-02-22 | Initial version |
| 2.0 | 2022-03-11 | Added CVE Identifier |