CVE-2024-42514

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42514
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf Broken Link
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*
History

30 May 2025, 01:26

Type Values Removed Values Added
References () https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf - () https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf - Broken Link
References () https://www.mitel.com/support/security-advisories - () https://www.mitel.com/support/security-advisories - Vendor Advisory
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024 - Vendor Advisory
First Time Mitel
Mitel micontact Center Business
CPE cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*

07 Oct 2024, 19:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.1 		v2 : unknown
v3 : 8.1

03 Oct 2024, 16:15

Type Values Removed Values Added
References
  • () https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf -
Summary
  • (es) Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business hasta la versión 10.1.0.4 podría permitir que un atacante no autenticado realice un ataque de acceso no autorizado debido a controles de acceso inadecuados. Una explotación exitosa podría permitir que un atacante acceda a información confidencial y envíe mensajes no autorizados.
Summary (en) A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit could allow an attacker to access sensitive information and send unauthorized messages. (en) A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.

01 Oct 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1
CWE CWE-284

01 Oct 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-01 19:15

Updated : 2025-05-30 01:26

NVD link : CVE-2024-42514

Mitre link : CVE-2024-42514

CVE.ORG link : CVE-2024-42514

JSON object : View

Products Affected

mitel

  • micontact_center_business
CWE
CWE-284

Improper Access Control