Mitel Product Security Advisory 24-0015

MiCollab Argument Injection Vulnerability

Advisory ID: 24-0015

Publish Date: 2024-05-23

Last Updated: 2024-11-06

Revision: 3.0

 

Summary

An argument injection vulnerability has been identified in the MiCollab desktop client of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow a malicious actor to execute arbitrary scripts. 

Mitel is recommending customers with affected product versions update to the latest release.

 

Affected Products

Security Bulletins are being issued for the following products:

 

Risk Assessment

The risk of this vulnerability is rated as High. Refer to the product Security Bulletin(s) for additional statements regarding risk.

 

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions. 

For additional information, contact Product Support. 

 

Related CVEs / CWEs / Advisories

CVE-2024-35314

 

Revision History

Version Date Description
1.0 2024-05-23  Initial version 
2.0 2024-06-05
Updated the Security Bulletin
3.0 2024-11-06 Updated the Security Bulletin
Ready to talk to sales? Contact us.