PT-2024-9387 · Mitel · Mitel MiCollab
Published: 2024-05-23 · Updated: 2025-07-07 · CVE-2024-35285
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Mitel MiCollab versions through 9.8.0.33
Description:
A vulnerability in Mitel MiCollab's NuPoint Messenger component allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. This issue is related to the lack of data sanitization at the management level, which can be exploited by a remote attacker to execute arbitrary commands using specially crafted data.
Recommendations:
For versions through 9.8.0.33, update to a version that addresses the command injection vulnerability.
As a temporary workaround, consider restricting access to the NuPoint Messenger component to minimize the risk of exploitation.
Fix
SQL injection
Command Injection
Affected Products
Mitel MiCollab