Mitel has issued security updates to address a critical flaw in its MiVoice MX-ONE system that allows attackers to bypass authentication mechanisms. This vulnerability exists in the Provisioning Manager component, which could let unauthenticated attackers exploit weaknesses in access control.
The advisory highlights the seriousness of the vulnerability, which has not yet received a CVE identifier but carries a CVSS score of 9.4 out of 10. The flaw affects MiVoice MX-ONE versions ranging from 7.3 to 7.8 SP1. Mitel has provided patches for versions 7.8 and 7.8 SP1, and users of version 7.3 or later should request a patch from their service partners.
Until the updates are implemented, Mitel advises minimizing the exposure of MX-ONE services to the public internet by placing them within trusted networks.
In addition to this authentication bypass flaw, Mitel announced a fix for a high-severity SQL injection vulnerability in MiCollab. If exploited, it could allow authenticated attackers to access provisioning information and execute arbitrary database commands. This issue has a CVSS score of 8.8 and affects MiCollab versions from 9.8 SP3 and earlier through 10.0. Mitel has released updates for versions 10.1 and later to resolve this vulnerability.
Given the history of active attacks targeting Mitel devices, it is critical for users to apply these updates promptly to safeguard their systems.