CVE-2024-36446

The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitel:mivoice_mx-one:*:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.6:-:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.6:sp1:*:*:*:*:*:*

History

12 Sep 2024, 20:47

Type Values Removed Values Added
First Time Mitel mivoice Mx-one
Mitel
CPE cpe:2.3:a:mitel:mivoice_mx-one:*:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.6:sp1:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.6:-:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
Summary
  • (es) El componente del administrador de aprovisionamiento de Mitel MiVoice MX-ONE hasta 7.6 SP1 podría permitir que un atacante autenticado lleve a cabo un ataque de elusión de autenticación debido a un control de acceso inadecuado. Un exploit exitoso podría permitir a un atacante eludir el esquema de autorización.
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0017 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0017 - Vendor Advisory
CWE NVD-CWE-noinfo

13 Aug 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 17:15

Updated : 2024-09-12 20:47


NVD link : CVE-2024-36446

Mitre link : CVE-2024-36446

CVE.ORG link : CVE-2024-36446


JSON object : View

Products Affected

mitel

  • mivoice_mx-one