PT-2024-3246 · Mitel · Mitel 6800 Series, Mitel 6900 Series, Mitel 6970 Conference Unit

Kevin Joensen · Published 2024-04-17 · Updated 2024-07-03 · CVE-2024-31965

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitel 6800 Series versions through 6.3 SP3 HF4
Mitel 6900 Series versions through 6.3 SP3 HF4
Mitel 6900w Series versions through 6.3.3
Mitel 6970 Conference Unit versions through 5.1.1 SP8

Description

The vulnerability stems from insufficient input validation, which allows an authenticated attacker with administrative privileges to perform a path traversal attack. By sending a specially crafted HTTP request, the attacker can gain access to sensitive information.

Recommendations

For Mitel 6800 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900 Series versions through 6.3 SP3 HF4, update to a version later than 6.3 SP3 HF4 to resolve the issue.
For Mitel 6900w Series versions through 6.3.3, update to a version later than 6.3.3 to resolve the issue.
For Mitel 6970 Conference Unit versions through 5.1.1 SP8, update to a version later than 5.1.1 SP8 to resolve the issue.

As a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available.

Fix

Path traversal

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-03475
CVE-2024-31965

Affected Products

Mitel 6800 Series
Mitel 6900 Series
Mitel 6970 Conference Unit