First published: Mon Oct 21 2024(Updated: )
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiCollab | <=9.7.1.110 | |
Mitel MiVoice Business Solution |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-35314 is considered a high severity vulnerability due to its potential for command injection attacks.
To fix CVE-2024-35314, update the Mitel MiCollab Desktop Client to version 9.7.1.111 or later.
Users of Mitel MiCollab Desktop Client up to version 9.7.1.110 and Mitel MiVoice Business Solution Virtual Instance are affected by CVE-2024-35314.
CVE-2024-35314 allows for a command injection attack due to insufficient parameter sanitization.
No, an unauthenticated attacker can exploit CVE-2024-35314.