Unauthenticated Information Disclosure Vulnerability in Mitel MiContact Center Business Through 10.0.0.4
CVE-2024-28069

7.5HIGH

Key Information:

Vendor: Mitel
Status: MiContact Center Business
Vendor: CVE Published:; 16 March 2024

Summary

A security flaw in the legacy chat component of Mitel MiContact Center Business versions up to 10.0.0.4 enables unauthorized attackers to exploit improper configurations. This vulnerability allows attackers without authentication to execute information disclosure attacks. Successful exploitation can lead to unauthorized access to sensitive data and the potential to perform unauthorized actions within the affected system.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2024
Vulnerability Reserved
Mar 1, 2024