Mitel Mitel Networks Corporation is a Telecommunications company based in Canada
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Mitel product.
RSS Feeds for Mitel security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Mitel products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Mitel Sorted by Most Security Vulnerabilities since 2018
Known Exploited Mitel Vulnerabilities
The following Mitel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Mitel SIP Phones Argument Injection Vulnerability |
Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system. CVE-2024-41710 Exploit Probability: 21.1% |
February 12, 2025 |
| Mitel MiCollab Path Traversal Vulnerability |
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server. CVE-2024-55550 Exploit Probability: 8.5% |
January 7, 2025 |
| Mitel MiCollab Path Traversal Vulnerability |
Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server. CVE-2024-41713 Exploit Probability: 93.9% |
January 7, 2025 |
| Mitel MiVoice Connect Code Injection Vulnerability |
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application. CVE-2022-41223 Exploit Probability: 3.2% |
February 21, 2023 |
| Mitel MiVoice Connect Command Injection Vulnerability |
The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system. CVE-2022-40765 Exploit Probability: 3.5% |
February 21, 2023 |
| Mitel MiVoice Connect Data Validation Vulnerability |
The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. CVE-2022-29499 Exploit Probability: 90.9% |
June 27, 2022 |
| MiCollab, MiVoice Business Express Access Control Vulnerability |
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. CVE-2022-26143 Exploit Probability: 79.3% |
March 25, 2022 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2024-41710: Mitel SIP Phones Argument Injection Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 3 vulnerabilities in Mitel with an average score of 8.8 out of ten. Last year, in 2024 Mitel had 27 security vulnerabilities published. Right now, Mitel is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.48.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 8.80 |
| 2024 | 27 | 7.32 |
| 2023 | 18 | 7.16 |
| 2022 | 10 | 8.67 |
| 2021 | 13 | 6.94 |
| 2020 | 24 | 6.91 |
| 2019 | 8 | 7.85 |
| 2018 | 10 | 7.56 |
It may take a day or so for new Mitel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mitel Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-52913 | Aug 08, 2025 |
Mitel MiCollab NPM Path Traversal (before 9.8 SP2)A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. |
Micollab
|
| CVE-2025-52914 | Aug 08, 2025 |
SQLi in Mitel MiCollab 10.0-10.0.1.101 Suite Applications ServicesA vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands. |
Micollab
|
| CVE-2025-27828 | Jun 24, 2025 |
Mitel MiContact Center Business <=10.2.0.4 RefXSS in chat compA vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on the confidentiality and the integrity. |
Micontact Center Business
|
| CVE-2024-55550 | Dec 10, 2024 |
Mitel MiCollab Insufficient Input Sanitization Local File Read VulnerabilityMitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. |
Micollab
|
| CVE-2024-35285 | Oct 21, 2024 |
Command Injection in Mitel MiCollab NPM (v 9.8.0.33)A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. |
Micollab
|
| CVE-2024-35286 | Oct 21, 2024 |
NuPoint Messenger (NPM) SQLi in Mitel MiCollab v9.8.0.33A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. |
Micollab
|
| CVE-2024-35287 | Oct 21, 2024 |
NuPoint Messenger PrivEsc in Mitel MiCollab 9.8 SP1A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. |
Micollab
|
| CVE-2024-35314 | Oct 21, 2024 |
Cve-2024-35314: Command Injection Mitel MiCollab Desktop Client <=9.7.1.110A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts. |
Micollab
Mivoice Business Solution Virtual Instance
|
| CVE-2024-35315 | Oct 21, 2024 |
Priv Escal in Mitel MiCollab & MiVB SVI <=9.7.1.110 via Improper File ValidationA vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. |
Micollab
Mivoice Business Solution Virtual Instance
|
| CVE-2024-41712 | Oct 21, 2024 |
Command Injection in Mitel MiCollab WebConf < 9.8.1.5A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. |
Micollab
|
| CVE-2024-41714 | Oct 21, 2024 |
Mitel MiCollab Web Interface Command Injection (<=9.8 SP1)A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. |
Micollab
Mivoice Business Solution Virtual Instance
|
| CVE-2024-47224 | Oct 21, 2024 |
Mitel MiCollab AWV CRLF Injection (pre-9.8.1.201)A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. |
Micollab
|
| CVE-2024-41713 | Oct 21, 2024 |
Mitel MiCollab 9.8 SP1 FP2 Path-Traversal in NuPoint Unified Messaging (CVE-2024-41713)A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. |
Micollab
|
| CVE-2024-30157 | Oct 21, 2024 |
SQL Injection in Mitel MiCollab Suite Applications Services v9.7.1.110A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. |
Micollab
|
| CVE-2024-30158 | Oct 21, 2024 |
Mitel MiCollab <9.7.1.110: SQLi via Auth AdminA vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. |
Micollab
|
| CVE-2024-30159 | Oct 21, 2024 |
Mitel MiCollab 9.7.1.110 Web Conf: Stored XSS via insufficient user inputA vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. |
Micollab
|
| CVE-2024-30160 | Oct 21, 2024 |
MiCollab 9.7.1.110 Stored XSS in Suite Apps ServiceA vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. |
Micollab
|
| CVE-2024-47189 | Oct 21, 2024 |
Mitel MiCollab AWV SQLi in API pre9.8.1.201The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands. |
Micollab
|
| CVE-2024-47223 | Oct 21, 2024 |
Unauthenticated SQLi in Mitel MiCollab AWV 9.8 SP1 FP2A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. |
Micollab
|
| CVE-2024-47912 | Oct 21, 2024 |
Unauthorized Data Access in Mitel MiCollab 9.8 SP1 FP2 AWV Conf (CVE-2024-47912)A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information. |
Micollab
|
| CVE-2024-42514 | Oct 01, 2024 |
Mitel MiContactCB <=10.1.0.4 LC Unauthorized Access (CVE-2024-42514)A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. |
Micontact Center Business
|
| CVE-2024-36446 | Aug 13, 2024 |
Mitel MiVoice MX-ONE ProvMgr Auth Bypass (<=7.6 SP1)The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema. |
Mivoice Mx One
|
| CVE-2024-41710 | Aug 12, 2024 |
Command Injection on Mitel 6800/6900 SIP Phones R6.4.0.HF1 via Arg InjectionA vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. |
6863i Sip Firmware
6865i Sip Firmware
6867i Sip Firmware
And others... |
| CVE-2024-37570 | Jun 09, 2024 |
Command Injection in Mitel 6869i 4.5.0.41 Firmware UpdateOn Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution. |
6869i Sip Firmware
|
| CVE-2024-35283 | May 29, 2024 |
Mitel MiContact Center Bus <=10.0.0.4 Ignite: Stored XSS (CVE-2024-35283)A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation. |
Micontact Center Business
|
| CVE-2024-35284 | May 29, 2024 |
Mitel MiContact Center Business <=10.0.0.4 Reflected XSS in Legacy ChatA vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. |
Micontact Center Business
|
| CVE-2024-28069 | Mar 16, 2024 |
Mitel MiContact Center Business <10.0.0.4: legacy chat info disclosureA vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component. |
Micontact Center Business
|
| CVE-2024-28070 | Mar 16, 2024 |
Mitel MiContact Center Business <10.0.0.4 Reflected XSSA vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. |
Micontact Center Business
|
| CVE-2023-40265 | Feb 08, 2024 |
Atos OpenScape Xpressions WebAssistant RCE via File UploadAn issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. |
Unify Openscape Xpressions Webassistant
|
| CVE-2023-40266 | Feb 08, 2024 |
Atos Unify OpenScape Xprs WebAssistant Path TraversalAn issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. |
Unify Openscape Xpressions Webassistant
|
| CVE-2023-39285 | Sep 14, 2023 |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) couldA vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. |
Mivoice Connect
|
| CVE-2023-39286 | Sep 14, 2023 |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 couldA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. |
Connect Mobility Router
|
| CVE-2023-39291 | Aug 25, 2023 |
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 couldA vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. |
Mivoice Connect
|
| CVE-2023-39288 | Aug 25, 2023 |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 couldA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. |
Mivoice Connect
|
| CVE-2023-39289 | Aug 25, 2023 |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 couldA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. |
Mivoice Connect
|
| CVE-2023-39290 | Aug 25, 2023 |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) couldA vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. |
Mivoice Connect
|
| CVE-2023-39287 | Aug 25, 2023 |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) couldA vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. |
Mivoice Connect
|
| CVE-2023-39293 | Aug 14, 2023 |
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which couldA Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. |
Mivoice Office 400
Mivoice Office 400 Smb Controller Firmware
|
| CVE-2023-39292 | Aug 14, 2023 |
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which couldA SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. |
Mivoice Office 400
Mivoice Office 400 Smb Controller Firmware
|
| CVE-2023-32748 | Aug 14, 2023 |
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) couldThe Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. |
Mivoice Connect
|
| CVE-2023-31458 | May 24, 2023 |
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier couldA vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. |
Mivoice Connect
|
| CVE-2023-25599 | May 24, 2023 |
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 couldA vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. |
Mivoice Connect
|
| CVE-2023-31459 | May 24, 2023 |
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier couldA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. |
Mivoice Connect
|
| CVE-2023-25598 | May 24, 2023 |
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 couldA vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. |
Mivoice Connect
|
| CVE-2023-31457 | May 24, 2023 |
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier couldA vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. |
Mivoice Connect
|
| CVE-2023-31460 | May 24, 2023 |
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier couldA vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. |
Mivoice Connect
|
| CVE-2023-25597 | Apr 14, 2023 |
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 couldA vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information. |
Micollab
|
| CVE-2023-22854 | Feb 13, 2023 |
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 couldThe ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. |
Micontact Center Business
|
| CVE-2022-41326 | Nov 22, 2022 |
The web conferencing component of Mitel MiCollab through 9.6.0.13 couldThe web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. |
Micollab
|
| CVE-2022-41223 | Nov 22, 2022 |
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) couldThe Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. |
Mivoice Connect
|