A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.
2024-10-21T21:15:06.547
2025-06-24T01:29:55.607
Analyzed
CVSSv3.1: 8.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mitel | micollab | ≤ 9.8.1.5 | Yes |
| Application | mitel | mivoice_business_solution_virtual_instance | ≤ 1.0.0.27 | Yes |