PT-2024-7493 · Mitel · Mitel MiCollab +1

Published 2024-07-24 · Updated 2025-06-24 · CVE-2024-41714

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP1 (9.8.1.5); MiVoice Business Solution Virtual Instance (MiVB SVI) versions through 1.0.0.27
Description: A vulnerability in the Web Interface component could allow an authenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. This could enable an attacker to execute arbitrary commands with elevated privileges within the context of the system.
Recommendations: For Mitel MiCollab versions through 9.8 SP1 (9.8.1.5), update to a version later than 9.8.1.5 to resolve the issue. For MiVoice Business Solution Virtual Instance (MiVB SVI) versions through 1.0.0.27, update to a version later than 1.0.0.27 to resolve the issue. As a temporary workaround, consider restricting access to the Web Interface component to minimize the risk of exploitation.

Fix

Code Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-08875
CVE-2024-41714

Affected Products

MiVoice Business Solution Virtual Instance
Mitel MiCollab