Mitel Product Security Advisory 24-0015
MiCollab Argument Injection Vulnerability
Advisory ID: 24-0015
Publish Date: 2024-05-23
Last Updated: 2024-11-06
Revision: 3.0
Summary
An argument injection vulnerability has been identified in the MiCollab desktop client of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow a malicious actor to execute arbitrary scripts.
Mitel is recommending customers with affected product versions update to the latest release.
Affected Products
Security Bulletins are being issued for the following products:
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| MiCollab | 9.7.1.110 and earlier | 24-0015-001 | 2024-11-06 |
| MiVoice Business Solution Virtual Instance (MiVB SVI) | 1.0.0.25 | 24-0015-001 | 2024-11-06 |
Risk Assessment
The risk of this vulnerability is rated as High. Refer to the product Security Bulletin(s) for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2024-35314
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2024-05-23 | Initial version |
| 2.0 | 2024-06-05 | Updated the Security Bulletin |
| 3.0 | 2024-11-06 | Updated the Security Bulletin |