CVE-2024-47224

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0025

Configurations

No configuration.

History

05 Nov 2024, 21:35

Type	Values Removed	Values Added
CWE		CWE-116
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

23 Oct 2024, 15:12

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en el componente AWV (Audio, Web and Video Conferencing) de Mitel MiCollab hasta la versión 9.8 SP1 FP2 (9.8.1.201) podría permitir que un atacante no autenticado realice un ataque de inyección CRLF debido a una codificación inadecuada de la entrada del usuario en las URL. Una explotación exitosa podría permitir que un atacante realice un ataque de phishing.

21 Oct 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 21:15

Updated : 2024-11-05 21:35

NVD link : CVE-2024-47224

Mitre link : CVE-2024-47224

CVE.ORG link : CVE-2024-47224

JSON object : View

Products Affected

No product.

CWE

CWE-116

Improper Encoding or Escaping of Output

6.5 /10