PT-2024-7482 · Mitel · Mitel MiCollab

Published: 2024-07-24 · Updated: 2024-10-23 · CVE-2024-35287

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP1 (9.8.1.5)
Description: A vulnerability in the NuPoint Messenger component could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. This issue is related to insufficient access control. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
Recommendations: For versions through 9.8 SP1 (9.8.1.5), update to a version that addresses the privilege escalation issue in the NuPoint Messenger component. As a temporary workaround, consider restricting access to the NuPoint Messenger component to minimize the risk of exploitation.

Fix

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers

BDU:2024-08862
CVE-2024-35287

Affected Products

Mitel MiCollab
NuPoint Messenger