First published: Mon Oct 21 2024
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiCollab | <=9.8 SP1 (9.8.1.5) | |
Mitel MiVoice Business Solution | <=1.0.0.27 | |
CVE-2024-41714 has a medium severity rating due to the potential for authenticated attackers to conduct command injection attacks.
To remediate CVE-2024-41714, it is recommended to update Mitel MiCollab to version 9.8 SP1 (9.8.1.5) or later and MiVoice Business Solution Virtual Instance to version 1.0.0.27 or later.
CVE-2024-41714 is caused by insufficient parameter sanitization in the Web Interface component of the affected Mitel products.
CVE-2024-41714 affects users of Mitel MiCollab versions up to 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance versions up to 1.0.0.27.
No, CVE-2024-41714 requires authenticated access to the Web Interface component to exploit the vulnerability.