Mitel Product Security Advisory 24-0022
Mitel Product Security Advisory 24-0022
MiCollab Command Injection Vulnerability in the Web Conferencing Component
Advisory ID: 24-0022
Publish Date: 2024-07-24
Last Updated: 2024-07-24
Revision: 1.0
Summary
A command injection vulnerability has been identified in the Web Conferencing component of Mitel MiCollab which, if successfully exploited, could allow a malicious actor to execute arbitrary commands on the system within the context of the system.
Mitel is recommending customers with affected product versions update to the latest release.
Affected Products
Security Bulletins are being issued for the following products:
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| MiCollab | 9.8 SP1 (9.8.1.5) and earlier | 24-0022-001 | 2024-07-24 |
Risk Assessment
The risk of this vulnerability is rated as High.
Mitigation / Recommended Action
Customers are advised to update their software to the latest versions. For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2024-41712
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2024-07-24 | Initial version |