PT-2024-7666 · Mitel · Mitel MiCollab

Patrick Webster · Published 2024-09-22 · Updated 2025-07-07 · CVE-2024-47223

CVSS v2.0: 9.7 (Critical)

Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mitel MiCollab versions through 9.8 SP1 FP2 (9.8.1.201)

Description

The issue is related to insufficient sanitization of user input in the AWV (Audio, Web and Video Conferencing) component, allowing an unauthenticated attacker to conduct a SQL injection attack. This could enable an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. The vulnerability poses a significant threat to businesses.

Recommendations

For Mitel MiCollab versions through 9.8 SP1 FP2 (9.8.1.201), update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the AWV component until a patch is available. Avoid using user input in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-09111
CVE-2024-47223

Affected Products

Mitel MiCollab