cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55550,https://securityvulnerability.io/vulnerability/CVE-2024-55550,Local File Read Vulnerability in Mitel MiCollab Product,"Mitel MiCollab versions up to 9.8 SP2 are susceptible to a local file read vulnerability. Authenticated attackers with administrative privileges can exploit this issue due to insufficient input sanitization. This flaw enables access to resources typically restricted to admin-level access, allowing disclosure of non-sensitive system information. However, this vulnerability does not permit file modifications or privilege escalations.",Mitel,Micollab,2.7,LOW,0.42715999484062195,true,2025-01-07T00:00:00.000Z,false,false,true,2025-01-07T00:00:00.000Z,,false,false,,2024-12-10T19:15:00.000Z,0
CVE-2024-30159,https://securityvulnerability.io/vulnerability/CVE-2024-30159,Authenticated Stored Cross-Site Scripting (XSS) Vulnerability,A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.,Mitel,Micollab,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30160,https://securityvulnerability.io/vulnerability/CVE-2024-30160,Mitel MiCollab Stored XSS Vulnerability Could Lead to Arbitrary Script Execution,A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.,Mitel,Micollab,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30158,https://securityvulnerability.io/vulnerability/CVE-2024-30158,Attackers with Admin Privs Can Abuse SQL Injections,"A SQL Injection vulnerability exists in the web conferencing component of Mitel MiCollab through version 9.7.1.110. This security flaw permits an authenticated user with administrative privileges to execute SQL Injection attacks, attributed to the insufficient validation of user input. If successfully exploited, the attacker could perform unauthorized database operations and management actions, potentially compromising the integrity and confidentiality of the system.",Mitel,Micollab,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-47224,https://securityvulnerability.io/vulnerability/CVE-2024-47224,Mitel MiCollab Vulnerability Could Lead to Phishing Attacks,"A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-41713,https://securityvulnerability.io/vulnerability/CVE-2024-41713,Mitel NuPoint Unified Messaging (NPM) Vulnerability: Path Traversal Attack,"A vulnerability exists within the NuPoint Unified Messaging component of Mitel MiCollab, where insufficient input validation may result in a path traversal attack. An unauthenticated attacker who successfully exploits this vulnerability could gain unauthorized access, potentially allowing them to view, corrupt, or delete sensitive user data and critical system configurations. Organizations using affected versions should prioritize securing their systems against potential exploits to mitigate the risk of data breaches.",Mitel,Micollab,9.1,CRITICAL,0.9543700218200684,true,2025-01-07T00:00:00.000Z,true,false,true,2024-12-05T14:07:33.000Z,,true,false,,2024-10-21T21:15:00.000Z,3587
CVE-2024-35287,https://securityvulnerability.io/vulnerability/CVE-2024-35287,Potential Privilege Escalation Vulnerability in Mitel MiCollab,"A vulnerability exists in the NuPoint Messenger component of Mitel MiCollab that allows an authenticated attacker with administrative privileges to exploit a privilege escalation flaw. This issue arises from the execution of a resource with unnecessary privileges within the component. When successfully exploited, attackers can execute arbitrary commands with elevated privileges, raising significant security concerns for affected systems. Users of Mitel MiCollab versions up to 9.8 SP1 are encouraged to review their security measures and the specific advisory for further insights.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-35315,https://securityvulnerability.io/vulnerability/CVE-2024-35315,Privilege Escalation Vulnerability in Mitel MiCollab Desktop Client,"A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-30157,https://securityvulnerability.io/vulnerability/CVE-2024-30157,Suite Applications Services Vulnerability Could Lead to SQL Injection,"A vulnerability identified in the Suite Applications Services component of Mitel MiCollab through version 9.7.1.110 presents significant security risks. The flaw arises from inadequate validation of user input, which can potentially enable an authenticated attacker with administrative privileges to execute a SQL Injection attack. This exploitation could facilitate unauthorized database access and pose threats to data integrity and confidentiality. Organizations leveraging Mitel MiCollab should prioritize addressing this vulnerability through timely patches and enhanced security practices.",Mitel,Micollab,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-35285,https://securityvulnerability.io/vulnerability/CVE-2024-35285,"NuPoint Messenger Vulnerability Allows Unauthorized Command Injection",A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.,Mitel MiCollab,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-35286,https://securityvulnerability.io/vulnerability/CVE-2024-35286,Unauthenticated SQL Injection Vulnerability in Mitel MiCollab NPM could Lead to Sensitive Information Exposure,"There is a critical unauthenticated SQL injection vulnerability (CVE-2024-35286) in Mitel MiCollab NPM that allows attackers to access sensitive information and execute arbitrary database and management operations. A zero-day arbitrary file read flaw, when chained with a now-patched critical bug in the same platform, gives attackers access to sensitive files on vulnerable instances. Additionally, an authentication bypass vulnerability (CVE-2024-41713) was found, which allows an unauthenticated attacker to conduct a path traversal attack, potentially compromising user data and system configurations. Mitel has released patches for some of these flaws, but the arbitrary file read flaw, which requires authentication to exploit, remains unpatched at the time of writing. The widespread use of Mitel MiCollab, with more than 16,000 instances across the Internet, makes it a target for ransomware gangs and other cybercriminals.",Mitel,,,,0.0004299999854993075,false,,true,false,true,2024-12-05T00:00:00.000Z,,true,false,,2024-10-21T21:15:00.000Z,1644
CVE-2024-35314,https://securityvulnerability.io/vulnerability/CVE-2024-35314,Unauthenticated Command Injection Vulnerability,"A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-41714,https://securityvulnerability.io/vulnerability/CVE-2024-41714,Mitel MiCollab Vulnerability Could Lead to Command Injection Attacks,"A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-41712,https://securityvulnerability.io/vulnerability/CVE-2024-41712,Command Injection Vulnerability in Mitel MiCollab Could Allow Arbitrary Code Execution,"A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T21:15:00.000Z,0
CVE-2024-47912,https://securityvulnerability.io/vulnerability/CVE-2024-47912,Unauthorized Data Access Vulnerability in Mitel MiCollab AWV Conferencing Component,"A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T20:15:00.000Z,0
CVE-2024-47189,https://securityvulnerability.io/vulnerability/CVE-2024-47189,Unauthenticated SQL Injection Vulnerability in Mitel MiCollab's API Interface,"The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T20:15:00.000Z,0
CVE-2024-47223,https://securityvulnerability.io/vulnerability/CVE-2024-47223,Mitel MiCollab Vulnerability - SQL Injection Risk,"A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands.",Mitel,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-21T20:15:00.000Z,0
CVE-2024-42514,https://securityvulnerability.io/vulnerability/CVE-2024-42514,Inadequate Access Control in Mitel MiContact Center Legacy Chat Component,"A vulnerability in the legacy chat component of Mitel MiContact Center Business versions up to 10.1.0.4 allows an unauthenticated attacker to exploit the system through insufficient access control checks. This vulnerability potentially enables an attacker to gain unauthorized access during an active chat session, which can result in exposure of sensitive information and the ability to send unauthorized messages. User interaction is required for successful exploitation, emphasizing the need for vigilance among users of the affected versions.",Mitel,,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-01T00:00:00.000Z,0
CVE-2024-36446,https://securityvulnerability.io/vulnerability/CVE-2024-36446,Authentication Bypass in Mitel MiVoice MX-ONE Provisioning Manager,"The provisioning manager component of Mitel MiVoice MX-ONE versions up to 7.6 SP1 is susceptible to an authentication bypass vulnerability due to improper access control mechanisms. An authenticated attacker could exploit this weakness to bypass the existing authorization schema, gaining unauthorized access to sensitive functionalities and data within the system. This vulnerability emphasizes the need for robust access control practices to mitigate risks effectively.",Mitel,Mivoice Mx-one,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-13T00:00:00.000Z,0
CVE-2024-41711,https://securityvulnerability.io/vulnerability/CVE-2024-41711,Argument Injection Vulnerability in Mitel SIP Phones,"A vulnerability in various Mitel SIP phone models arises from inadequate parameter sanitization, potentially allowing an unauthenticated attacker with physical access to perform an argument injection attack. This could enable the execution of arbitrary commands within the phone's system context, raising significant security concerns for users.",Mitel,Mitel SIP Phones,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T00:00:00.000Z,0
CVE-2024-41710,https://securityvulnerability.io/vulnerability/CVE-2024-41710,Argument Injection Attack on Mitel SIP Phones,"A vulnerability exists in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, allowing an authenticated attacker with administrative privileges to perform an argument injection attack. This weakness arises from inadequate parameter sanitization during the boot sequence of the devices. If exploited, it could enable the attacker to execute arbitrary commands within the system's context, leading to potential disruption and compromise of device integrity.",Mitel,Mitel 6800 Series and 6900 Series SIP Phones,6.8,MEDIUM,0.00044999999227002263,false,,true,true,true,2025-01-29T18:03:01.000Z,,true,false,,2024-08-12T19:15:00.000Z,3993
CVE-2024-37569,https://securityvulnerability.io/vulnerability/CVE-2024-37569,Command Injection Vulnerability in Mitel 6869i Devices,"A security flaw has been identified in Mitel 6869i devices running versions up to 4.5.0.41 and 5.x up to 5.0.0.1018. This vulnerability allows an authenticated user to exploit a command injection through improperly sanitized input in the hostname parameter of the provis.html endpoint. Since the input is executed as part of shell commands during system boot, attackers can execute arbitrary commands in the system's root context by injecting shell metacharacters into the hostname. This serious oversight in input validation could lead to remote code execution, granting unauthorized control over the device.",Mitel,6869i Sip Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-06-09T20:15:00.000Z,0
CVE-2024-37570,https://securityvulnerability.io/vulnerability/CVE-2024-37570,Command Execution Vulnerability in Mitel 6869i 4.5.0.41 Devices via Manual Firmware Update Page,"Mitel 6869i devices running version 4.5.0.41 are affected by a security vulnerability stemming from a lack of input sanitization on the Manual Firmware Update page. An authenticated user can exploit this flaw by manipulating the username and path parameters sent to the system. This unsanitized input is passed directly to the busybox ftpget command, enabling the potential for arbitrary command execution within the device's environment.",Mitel,6869i Sip Firmware,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-09T20:15:00.000Z,0
CVE-2024-35283,https://securityvulnerability.io/vulnerability/CVE-2024-35283,Mitel MiContact Center Business Vulnerability: Unauthenticated Stored XSS Attack,"A vulnerability has been identified in the Ignite component of Mitel's MiContact Center Business software. This issue arises from insufficient input validation, enabling unauthenticated attackers to potentially execute stored cross-site scripting (XSS) attacks. Such vulnerabilities can allow attackers to inject malicious scripts into web pages viewed by users, leading to serious security risks including data theft and unauthorized actions performed on behalf of legitimate users.",Mitel,,,,0.01,false,,false,false,false,,,false,false,,2024-05-29T16:15:00.000Z,0
CVE-2024-35284,https://securityvulnerability.io/vulnerability/CVE-2024-35284,Mitel MiContact Center Business Vulnerability: Reflected XSS Attack Due to Input Validation Failure,"The legacy chat component of Mitel MiContact Center Business versions up to 10.0.0.4 is susceptible to a reflected cross-site scripting attack. This vulnerability arises from insufficient input validation, allowing an unauthenticated attacker to potentially execute arbitrary JavaScript code in the context of a user's session. Attackers can exploit this weakness to manipulate web sessions, such as capturing sensitive user credentials or spreading malware. It is crucial for organizations utilizing this product to review security configurations and apply necessary updates from Mitel to mitigate the risks associated with this vulnerability.",Mitel,,,,0.01,false,,false,false,false,,,false,false,,2024-05-29T16:15:00.000Z,0