jusquoint Messenger Vulnerability Allows Unauthorized Command Injection
CVE-2024-35285

9.8CRITICAL

Key Information:

Vendor: Mitel MiCollab
Status: Micollab
Vendor: CVE Published:; 21 October 2024

🔔 Create Mitel MiCollab Vulnerability Alert

What is CVE-2024-35285?

A flaw has been identified in the NuPoint Messenger component of Mitel MiCollab, enabling unauthenticated attackers to exploit command injection vulnerabilities. This occurs due to insufficient sanitization of parameters, potentially allowing unauthorized execution of commands within affected versions up to 9.8.0.33. Organizations using this product should assess their security posture and apply appropriate mitigations.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2024

CVE-2024-35285 Data

JSON