CVE-2022-26487: Mitel Product Security Advisory 22-0001

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allow remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic).

MiCollab, MiVoice Business Express Access Control Vulnerability

Advisory ID: 22-0001

Publish Date: 2022-02-22

Last Updated: 2022-02-22

Revision: 1.0

Summary

A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, or to cause performance degradation or a denial of service condition on the affected system. If exploited in a denial of service attack, the impacted system may generate significant outbound traffic, impacting the availability of other services.

Affected Products

| Product Name | Product Version | Security Bulletin | Last Updated |
| --- | --- | --- | --- |
| Mitel MiCollab | Prior to and including R9.4SP1 | 22-0001-001 | 2022-02-22 |
| MiVoice Business Express | Prior to and including R8.1 | 22-0001-002 | 2022-02-22 |

Risk Assessment

The risk of this vulnerability is rated as critical for MiCollab deployments in Server-Gateway mode without firewall protection. The severity is rated high for MiCollab deployments on protected internal networks. Refer to the product Security Bulletin(s) for additional statements regarding risk.

Mitigation / Recommended Action

N/A

External References

N/A

Related CVEs / CWEs / Advisories

N/A

Revision History

| Version | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-02-22 | Initial version |
