PT-2024-6692 · Mitel · Mitel MiVoice MX-ONE

Published: 2024-05-29 · Updated: 2024-09-12 · CVE-2024-36446

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Mitel MiVoice MX-ONE versions through 7.6 SP1
Description: The provisioning manager component of Mitel MiVoice MX-ONE could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema. This issue is related to insufficient access control in the MX-ONE Provisioning Manager, which could enable a remote attacker to bypass authentication procedures and impact the integrity of protected information.
Recommendations: For Mitel MiVoice MX-ONE versions through 7.6 SP1, consider disabling the provisioning manager component until a patch is available to prevent potential authentication bypass attacks. Restrict access to the provisioning manager to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Improper Authentication

Related Identifiers

BDU:2024-07901
CVE-2024-36446

Affected Products

Mitel MiVoice MX-ONE