Mitel Patches Critical Flaw in Enterprise Communication Platform

An authentication bypass vulnerability in Mitel MiVoice MX-ONE could allow attackers to access user or admin accounts on the system. The post Mitel Patches Critical Flaw in Enterprise Communication Platform appeared first on SecurityWeek.

Mitel this week announced patches for a critical-severity vulnerability in the MiVoice MX-ONE enterprise communication platform that could allow attackers to gain administrator rights.

No CVE identifier has been assigned to the flaw, but Mitel says it has a CVSS rating of 9.4, as it could allow remote, unauthenticated attackers to access user or admin accounts on the system.

Mitel describes the security defect as an authentication bypass issue that exists because access controls are not properly implemented.

“An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which if successfully exploited could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper access control,” the company says.

The bug impacts MiVoice MX-ONE versions 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14), and was addressed with the release of MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE versions 7.8 and 7.8 SP1, respectively.

“For MiVoice MX-ONE version 7.3 and above, please submit a patch request to your authorized service partner. Patches are made available at Mitel’s discretion,” the company notes.

The vendor urges customers to apply the patches immediately, noting that the MX-ONE services should not be exposed to the internet, and that restricting access to the Provisioning Manager service or disabling it should mitigate the risk.

Cybersecurity firm Arctic Wolf says it has not observed the vulnerability being exploited in the wild, and no proof-of-concept (PoC) exploit targeting it appears to exist publicly.

However, users should apply the available fixes as soon as possible, given that threat actors have targeted Mitel vulnerabilities for which patches have been released.

In January, the Aquabot botnet was seen exploiting a vulnerability in Mitel phones that was addressed in July 2024. Two weeks later, the US cybersecurity agency CISA added two Mitel MiCollab flaws to the KEV catalog.
