Mitel Product Security Advisory 22-0001

MiCollab, MiVoice Business Express Access Control Vulnerability

Advisory ID: 22-0001

Publish Date: 2022-02-22

Last Updated: 2022-03-11

Revision: 2.0

Summary

A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. If exploited with a denial of service attack, the impacted system may cause significant outbound traffic impacting availability of other services.

Affected Products

Product Name

Product Version

Security Bulletin

Last Updated

Mitel MiCollab

Prior to and including R9.4SP1

22-0001-001

2022-02-22

MiVoice Business Express

Prior to and including R8.1

22-0001-002

2022-02-22

Risk Assessment

The risk of this vulnerability is rated as critical for MiCollab deployments in Server-Gateway mode without firewall protection. The severity is rated high for MiCollab deployments on protected internal networks. Refer to the product Security Bulletin(s) for additional statements regarding risk.

Mitigation / Recommended Action

N/A

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2022-26143

Revision History

Version	Date	Description
1.0	2022-02-22	Initial version
2.0	2022-03-11	Added CVE Identifier

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?