First published: Fri Aug 13 2021
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiCollab, MiVoice Business Express | <9.3 |
CVE-2021-32068 is a vulnerability in the AWV and MiCollab Client Service components in Mitel MiCollab before version 9.3, which could allow an attacker to perform a Man-In-the-Middle attack.
CVE-2021-32068 stems from insufficient TLS session controls in the AWV and MiCollab Client Service components: an attacker can send multiple session renegotiation requests and thereby perform a Man-In-the-Middle attack.
CVE-2021-32068 has a severity rating of Medium with a CVSS score of 3.7.
To fix CVE-2021-32068, it is recommended to upgrade Mitel MiCollab to version 9.3 or later.
You can find more information about CVE-2021-32068 on Mitel's support website, specifically their security advisories page.