Mitel Product Security Advisory 23-0001

MiContact Center Business Local File Inclusion Vulnerability

Advisory ID: 23-0001

Publish Date: 2023-01-18

Last Updated: 2023-01-18

Revision: 1.0

Summary

A vulnerability in the ccmweb component of MiContact Center Business server, versions 9.2.2.0 to 9.4.1.0, could allow an unauthenticated attacker to download arbitrary files due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

Mitel is recommending customers with affected product versions apply the available remediation.

Affected Products

Product Name	Product Version	Security Bulletin	Last Updated
MiContact Center Business	9.2.2.0 to 9.4.1.0	23-0001-001	2023-01-18

Risk Assessment

The risk for this vulnerability is rated as High. Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

Customers with affected product versions are advised to update to the latest release. Mitel has also made available remediation for affected releases of MiContact Center Business. Customers are recommended to apply the remediations.
Customers are advised to review the product Security Bulletin. For additional information, contact Mitel Product Support.

Related CVEs / CWEs / Advisories

CVE-2023-22854

Revision History

Version	Date	Description
1.0	2023-01-18	Initial Version

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?