In a security advisory (AV24-114) dated March 4, 2024, Mitel addresses vulnerabilities in Mitel MiContact Center Business, specifically version 10.0.0.4 and prior. The identified vulnerabilities stem from improper configuration in the legacy chat component and could lead to information disclosure attacks. Mitel classifies the risk as high, emphasizing potential impacts on system confidentiality. The Common Vulnerability Scoring System (CVSS) v3.1 rates the overall risk level at 8.6, indicating a significant threat.
Mitel recommends that users and administrators review the provided web links and apply the necessary updates promptly. The Security Bulletin (ID: 24-0001-001) provides detailed information on the vulnerabilities and suggests mitigation by either turning off Legacy Chat or converting to CloudLink Contact Center Messenger Chat. Mitel has released hotfixes addressing the vulnerability for MiContact Center Business releases 10.0.0.4, 9.5.0.3, and 9.4.2.0. Users are advised to upgrade to one of these releases and apply the provided hotfix, or to move to a later release for enhanced security.