Mitel this week introduced patches for a critical-severity vulnerability within the MiVoice MX-ONE enterprise communication platform that would permit attackers to realize administrator rights.
No CVE identifier has been assigned to the flaw, however Mitel says it has a CVSS score of 9.4, because it might permit distant, unauthenticated attackers to entry person or admin accounts on the system.
Mitel describes the safety defect as an authentication bypass difficulty that exists as a result of entry controls should not correctly applied.
“An authentication bypass vulnerability has been recognized within the Provisioning Supervisor element of Mitel MiVoice MX-ONE, which if efficiently exploited might permit an unauthenticated attacker to conduct an authentication bypass assault because of improper entry management,” the corporate says.
The bug impacts MiVoice MX-ONE variations 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14), and was addressed with the discharge of MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE variations 7.8 and seven.8 SP1, respectively.
“For MiVoice MX-ONE model 7.3 and above, please submit a patch request to your approved service companion. Patches are made obtainable at Mitel’s discretion,” the corporate notes.
The seller urges clients to use the patches instantly, noting that the MX-ONE companies shouldn’t be uncovered to the web, and that proscribing entry to the Provisioning Supervisor service or disabling it ought to mitigate the chance.
Cybersecurity agency Arctic Wolf says it has not noticed the vulnerability being exploited within the wild, and no proof-of-concept (PoC) exploit concentrating on it seems to exist publicly.Commercial. Scroll to proceed studying.
Nevertheless, customers ought to apply the obtainable fixes as quickly as attainable, on condition that risk actors have focused Mitel vulnerabilities for which patches have been launched.
In January, the Aquabot botnet was seen exploiting a vulnerability in Mitel telephones that was addressed in July 2024. Two weeks later, the US cybersecurity company CISA added two Mitel MiCollab flaws to the KEV catalog.
Associated: Crucial Vulnerability Exposes Many Mitel MiCollab Situations to Distant Hacking
Associated: SonicWall Patches Crucial SMA 100 Vulnerability, Warns of Latest Malware Assault
Associated: Airoha Chip Vulnerabilities Expose Headphones to Takeover
Associated: New Vulnerabilities Expose Thousands and thousands of Brother Printers to Hacking
