CVE-2024-41712 - Code Injection in MiCollab

CWE-94 - Code Injection | 3 documents | 3 sources
Severity: 6.6 MEDIUM (NVD)
EPSS: 0.2% (top 55.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 21

Description

A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Exploitability: 1.8 | Impact: 4.7

Affected Packages (1 package)

NVD: mitel/micollab 9.8.1.5

Vulnerability Details (2)

CVEList
CVE-2024-41712: A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9 | 2024-10-21
GHSA
GHSA-vc54-cc67-849w: A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9 | 2024-10-21