Authentication Bypass in Mitel MiVoice MX-ONE Provisioning Manager
CVE-2024-36446

8.8HIGH

Key Information:

Vendor: Mitel
Status: Mivoice Mx-one
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-36446?

The provisioning manager component of Mitel MiVoice MX-ONE versions up to 7.6 SP1 is susceptible to an authentication bypass vulnerability due to improper access control mechanisms. An authenticated attacker could exploit this weakness to bypass the existing authorization schema, gaining unauthorized access to sensitive functionalities and data within the system. This vulnerability emphasizes the need for robust access control practices to mitigate risks effectively.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
May 28, 2024