CVE-2022-41326: Mitel MiCollab Authorization Control Vulnerability

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.


Mitel Product Security Advisory 22-0009

Mitel MiCollab Authorization Control Vulnerability

Advisory ID: 22-0009

Publish Date: 2022-10-12

Last Updated: 2022-10-12

Revision: 1.0

Summary

A vulnerability has been identified in the web conferencing component of Mitel MiCollab which could allow an unauthenticated attacker to upload arbitrary scripts. A successful exploit could allow an attacker to perform remote code execution within the context of the application.

Mitel recommends that customers with affected product versions apply the available remediation.

Affected Products

| Product Name | Product Version | Security Bulletin | Last Updated |
| --- | --- | --- | --- |
| MiCollab | 9.6.0.105 and earlier | 22-0009-001 | 2022-10-12 |

Note: MiVoice Business Express included earlier versions of MiCollab and is also affected.

Risk Assessment

The risk for this vulnerability is rated as Critical. Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has made remediation available for current and earlier releases of MiCollab. Customers are advised to apply it.

Customers are advised to review the product Security Bulletin. For additional information, contact Mitel Product Support.

Related CVEs / CWEs / Advisories

CVE-2022-41326

Revision History

| Version | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-10-12 | Initial Version |
