CVE-2024-35314 Information

Description

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110 and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary scripts.

Reference

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015