CVE-2024-35314

moderate-risk
Published 2024-10-21

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.

Do I need to act?

~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Mivoice Business Solution Virtual Instance

Affected Vendors

Mitel

References (2)

Broken Link https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/securit...
Vendor Advisory https://www.mitel.com/support/security-advisories/mitel-product-security-advisor...
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 7/34 · Low