A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
The vulnerability resulted from insufficient sanitization of input parameters in the Desktop client (CWE-94 — improper control of code generation). An attacker can provide specially crafted input data that will be interpreted as commands or scripts by the vulnerable application. Exploitation requires user interaction (e.g., opening a crafted link or file), however the attacker does not need any prior authentication.
Successful exploitation of this vulnerability allows an attacker to execute arbitrary scripts in the context of the application on the victim's device, which may lead to breach of data confidentiality, modification of system resources, and disruption of service availability.
Security patches available from the vendor should be applied according to references published by Mitel in Security Bulletin 24-0015-001 (available at the address indicated in the references). Until the fix is implemented, it is recommended to restrict the ability to run the Desktop client in environments exposed to untrusted input data.
Mitel MiCollab Desktop Client in versions up to and including 9.7.1.110 and Mitel MiVoice Business Solution Virtual Instance (MiVB SVI) version 1.0.0.25.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMitel Micollab
APPMitel≤ 9.7.1.110Mitel Mivoice Business Solution Virtual Instance
APPMitel1.0.0.25
Related vulnerabilities
Path Traversal w Mitel MiCollab — nieautoryzowany dostęp do danych
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through ...
SQL Injection w Mitel MiCollab NuPoint Messenger — dostęp bez uwierzytelnienia
Command injection w Mitel MiCollab NuPoint Messenger — dostęp bez uwierzytelnienia
SQL Injection w komponencie AWV Mitel MiCollab — dostęp bez uwierzytelnienia