Mitel Product Security Advisory 23-0001
MiContact Center Business Local File Inclusion Vulnerability
Advisory ID: 23-0001
Publish Date: 2023-01-18
Last Updated: 2023-01-18
Revision: 1.0
Summary
A vulnerability in the ccmweb component of MiContact Center Business server, versions 9.2.2.0 to 9.4.1.0, could allow an unauthenticated attacker to download arbitrary files due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
Mitel recommends that customers with affected product versions apply the available remediation.
Affected Products
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
MiContact Center Business | 9.2.2.0 to 9.4.1.0 | 23-0001-001 | 2023-01-18 |
Risk Assessment
The risk for this vulnerability is rated as High. Refer to the product Security Bulletin for additional statements regarding risk.
Mitigation / Recommended Action
Customers with affected product versions are advised to update to the latest release. Mitel has also made remediation available for affected releases of MiContact Center Business, and recommends that customers apply it.
Customers are advised to review the product Security Bulletin. For additional information, contact Mitel Product Support.
Related CVEs / CWEs / Advisories
CVE-2023-22854
Revision History
Version | Date | Description |
---|---|---|
1.0 | 2023-01-18 | Initial Version |