Man-In-the-Middle Vulnerability in Mitel MiCollab and AWV Components
CVE-2021-32068

3.7LOW

Key Information:

Vendor: Mitel
Status: Micollab
Vendor: CVE Published:; 13 August 2021

Summary

The vulnerability present in Mitel's MiCollab and AWV Client Service allows a potential attacker to exploit insufficient TLS session controls by sending multiple session renegotiation requests. This flaw could lead to a Man-In-the-Middle attack, enabling the attacker to intercept and modify application data and state, compromising the integrity and confidentiality of communications.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2021
Vulnerability Reserved
May 6, 2021