CVE-2024-47912

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions prior to 9.8 SP1 FP2 (9.8.1.201)

Description: A vulnerability in the AWV Conferencing component could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information. The vulnerability is related to deficiencies in the authentication procedure, which may enable a remote attacker to gain unauthorized access to read, modify, or delete data.

Recommendations: For Mitel MiCollab versions prior to 9.8 SP1 FP2 (9.8.1.201), update to version 9.8 SP1 FP2 (9.8.1.201) or later to resolve the issue. As a temporary workaround, consider restricting access to the AWV Conferencing component to minimize the risk of exploitation.