Mitel Product Security Advisory 24-0015

Mitel Product Security Advisory 24-0015

MiCollab Argument Injection Vulnerability

Advisory ID: 24-0015

Publish Date: 2024-05-23

Last Updated: 2024-11-06

Revision: 3.0

Summary

An argument injection vulnerability has been identified in the MiCollab desktop client of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow a malicious actor to execute arbitrary scripts. 

Mitel is recommending customers with affected product versions update to the latest release.

Affected Products

Security Bulletins are being issued for the following products:

Product NameProduct VersionSecurity BulletinLast Updated
MiCollab9.7.1.110 and earlier 24-0015-0012024-11-06
MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 24-0015-001
 
2024-11-06

Risk Assessment

The risk of this vulnerability is rated as High. Refer to the product Security Bulletin(s) for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions. 

For additional information, contact Product Support. 

Related CVEs / CWEs / Advisories

CVE-2024-35314

Revision History

VersionDateDescription
1.02024-05-23 Initial version 
2.02024-06-05
 
Updated the Security Bulletin
 
3.02024-11-06Updated the Security Bulletin

Stay One Step Ahead Get notifications of the latest security advisories sent right to your inbox every week!