PT-2024-4059 · Mitel · Mitel MiCollab +1

Julian Horoszkiewicz · Published 2024-05-23 · Updated 2024-10-23 · CVE-2024-35315

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions 9.7.1.110 and earlier; MiVoice Business Solution Virtual Instance (MiVB SVI) version 1.0.0.25
Description: A vulnerability in the Desktop Client could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. This could enable an attacker to run arbitrary code with elevated privileges. The issue is related to insufficient access control, which may allow an attacker to bypass security restrictions, elevate privileges, and execute arbitrary code.
Recommendations: For Mitel MiCollab versions 9.7.1.110 and earlier, update to a version later than 9.7.1.110 to resolve the issue. For MiVoice Business Solution Virtual Instance (MiVB SVI) version 1.0.0.25, update to a version later than 1.0.0.25 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-04504
CVE-2024-35315

Affected Products

MiVoice Business Solution Virtual Instance
Mitel MiCollab