PT-2024-7495 · Mitel · Mitel MiCollab +1
Published: 2024-05-23 · Updated: 2025-01-09
CVE-2024-35314
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Mitel MiCollab versions 9.7.1.110 and earlier
MiVoice Business Solution Virtual Instance (MiVB SVI) version 1.0.0.25
Description:
A vulnerability in the Desktop Client could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
Recommendations:
For Mitel MiCollab versions 9.7.1.110 and earlier, update to a version later than 9.7.1.110 to resolve the issue.
For MiVoice Business Solution Virtual Instance (MiVB SVI) version 1.0.0.25, update to a version later than 1.0.0.25 to resolve the issue.
As a temporary workaround, consider restricting user interaction with the Desktop Client to minimize the risk of exploitation.
Fix
Code Injection
Command Injection
Affected Products
MiVoice Business Solution Virtual Instance
Mitel MiCollab