CVE-2024-35315 — Code Injection in Micollab

CWE-94 — Code Injection3 documents3 sources

Severity

5.6MEDIUMNVD

EPSS

1.3%

top 20.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mitel Micollab Mitel Mivoice Business Solution Virtual Instance

Timeline

PublishedOct 21

Description

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:LExploitability: 0.8 | Impact: 4.7

Affected Packages2 packages

▶NVDmitel/mivoice_business_solution_virtual_instance1.0.0.25

▶NVDmitel/micollab9.7.1.110

🔴Vulnerability Details

CVEList

CVE-2024-35315: A vulnerability in the Desktop Client of Mitel MiCollab through 9↗2024-10-21

▶

GHSA

GHSA-8h2w-xmx5-q4j3: A vulnerability in the Desktop Client of Mitel MiCollab through 9↗2024-10-21

▶