Mitel Product Security Advisory 23-0001

MiContact Center Business Local File Inclusion Vulnerability

Advisory ID: 23-0001

Publish Date: 2023-01-18

Last Updated: 2023-01-18

Revision: 1.0

Summary

A vulnerability in the ccmweb component of MiContact Center Business server, versions 9.2.2.0 to 9.4.1.0, could allow an unauthenticated attacker to download arbitrary files due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. 

Mitel recommends that customers with affected product versions apply the available remediation.

Affected Products

Product Name               Product Version     Security Bulletin  Last Updated
MiContact Center Business  9.2.2.0 to 9.4.1.0  23-0001-001        2023-01-18

Risk Assessment

The risk for this vulnerability is rated as High. Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

Customers with affected product versions are advised to update to the latest release. Mitel has also made remediation available for affected releases of MiContact Center Business, and recommends that customers apply it.
Customers are advised to review the product Security Bulletin. For additional information, contact Mitel Product Support.

Related CVEs / CWEs / Advisories

CVE-2023-22854

Revision History

Version  Date        Description
1.0      2023-01-18  Initial Version
