Mitel Product Security Advisory 24-0016
Mitel Product Security Advisory 24-0016
MiCollab Privilege Escalation Vulnerability
Advisory ID: 24-0016
Publish Date: 2024-05-23
Last Updated: 2024-06-05
Revision: 2.0
Summary
A privilege escalation vulnerability has been identified in the MiCollab desktop client of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow a malicious actor to run arbitrary code with elevated privileges.
Mitel is recommending customers with affected product versions update to the latest release.
Credit is given to Julian Horoszkiewicz of the Eviden Red Team for highlighting these issues and bringing them to our attention.
Affected Products
Security Bulletins are being issued for the following products:
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| MiCollab | 9.7.1.110 and earlier | 24-0016-001 | 2024-06-05 |
| MiVoice Business Solution Virtual Instance (MiVB SVI) | 1.0.0.25 | 24-0016-001 | 2024-06-05 |
Risk Assessment
The risk of this vulnerability is rated as High. Refer to the product Security Bulletin(s) for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2024-35315
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2024-05-23 | Initial version |
| 2.0 | 2024-06-05 | Updated the Security Bulletin |