Mitel Product Security Advisory 24-0001
MiContact Center Business Information Disclosure Vulnerability
Advisory ID: 24-0001
Publish Date: 2024-02-29
Last Updated: 2024-03-05
Revision: 2.0
Summary
An information disclosure vulnerability has been identified in the legacy chat components of Mitel MiContact Center Business which, if successfully exploited, could allow a malicious actor to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.
Mitel is recommending customers with affected product versions update to the latest release.
Affected Products
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| MiContact Center Business | 10.0.0.4 and earlier | 24-0001-001 | 2024-03-05 |
Risk Assessment
The risk of this vulnerability is rated as High. Refer to the product Security Bulletin(s) for additional statements regarding risk.
Mitigation / Recommended Action
Customers are advised to update their software to the latest versions and apply the available hotfix.
For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2024-28069
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2024-02-29 | Initial version |
| 2.0 | 2024-03-05 | Updated the CVE Number |