1. Home
  2. CVE Database
  3. CVE-2024-41714
HIGH · 8.8

CVE-2024-41714

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attac...

Vulnerability Description

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MitelMicollab<= 9.8.1.5
MitelMivoice Business Solution Virtual Instance<= 1.0.0.27

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2024-41714?

CVE-2024-41714 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attac...

How severe is CVE-2024-41714?

CVE-2024-41714 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41714?

Check the references section above for vendor advisories and patch information. Affected products include: Mitel Micollab, Mitel Mivoice Business Solution Virtual Instance.