Mitel Patches Critical Flaw in Enterprise Communication Platform

Posted on By CWS

Mitel this week introduced patches for a critical-severity vulnerability within the MiVoice MX-ONE enterprise communication platform that would permit attackers to realize administrator rights.

No CVE identifier has been assigned to the flaw, however Mitel says it has a CVSS score of 9.4, because it might permit distant, unauthenticated attackers to entry person or admin accounts on the system.

Mitel describes the safety defect as an authentication bypass difficulty that exists as a result of entry controls should not correctly applied.

“An authentication bypass vulnerability has been recognized within the Provisioning Supervisor element of Mitel MiVoice MX-ONE, which if efficiently exploited might permit an unauthenticated attacker to conduct an authentication bypass assault because of improper entry management,” the corporate says.

The bug impacts MiVoice MX-ONE variations 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14), and was addressed with the discharge of MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE variations 7.8 and seven.8 SP1, respectively.

“For MiVoice MX-ONE model 7.3 and above, please submit a patch request to your approved service companion. Patches are made obtainable at Mitel’s discretion,” the corporate notes.

The seller urges clients to use the patches instantly, noting that the MX-ONE companies shouldn’t be uncovered to the web, and that proscribing entry to the Provisioning Supervisor service or disabling it ought to mitigate the chance.

Cybersecurity agency Arctic Wolf says it has not noticed the vulnerability being exploited within the wild, and no proof-of-concept (PoC) exploit concentrating on it seems to exist publicly.Commercial. Scroll to proceed studying.

Nevertheless, customers ought to apply the obtainable fixes as quickly as attainable, on condition that risk actors have focused Mitel vulnerabilities for which patches have been launched.

In January, the Aquabot botnet was seen exploiting a vulnerability in Mitel telephones that was addressed in July 2024. Two weeks later, the US cybersecurity company CISA added two Mitel MiCollab flaws to the KEV catalog.

Associated: Crucial Vulnerability Exposes Many Mitel MiCollab Situations to Distant Hacking

Associated: SonicWall Patches Crucial SMA 100 Vulnerability, Warns of Latest Malware Assault

Associated: Airoha Chip Vulnerabilities Expose Headphones to Takeover

Associated: New Vulnerabilities Expose Thousands and thousands of Brother Printers to Hacking

Security Week News Tags:, , , , , ,

Related Posts

Exploited CrushFTP Zero-Day Provides Admin Access to Servers Security Week News
Root Evidence Launches With $12.5 Million in Seed Funding Security Week News
In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware Security Week News
Senator Urges FTC Probe of Microsoft Over Security Failures Security Week News
Companies Warned of Commvault Vulnerability Exploitation Security Week News
Why Sincerity Is a Strategic Asset in Cybersecurity Security Week News