Mitel Networks has launched safety updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
MX-ONE is the corporate’s SIP-based communications system, which may scale to assist a whole lot of hundreds of customers.
The important safety flaw is because of an improper entry management weak point found within the MiVoice MX-ONE Provisioning Supervisor part and has but to be assigned a CVE ID. Unauthenticated attackers can exploit it in low-complexity assaults that do not require person interplay to realize unauthorized entry to administrator accounts on unpatched techniques.
In line with Mitel, the vulnerability impacts MiVoice MX-ONE operating variations 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14) and was patched in variations 7.8 (MXO-15711_78SP0) and seven.8 SP1 (MXO-15711_78SP1).
“Don’t expose the MX-ONE providers on to the general public web. Make sure that the MX-ONE system is deployed inside a trusted community. The danger could also be mitigated by proscribing entry to the Provisioning Supervisor service,” Mitel stated.
Clients operating MiVoice MX-ONE model 7.3 and later are suggested to submit a patch request to the corporate by way of their licensed service companion.
Right now, Mitel additionally disclosed a high-severity SQL injection vulnerability (CVE-2025-52914) in its MiCollab collaboration platform, which may be abused to execute arbitrary SQL database instructions on unpatched gadgets.
Whereas these two safety bugs haven’t been tagged as exploited within the wild, CISA warned U.S. federal companies in January of a MiCollab path traversal vulnerability (CVE-2024-55550) utilized in assaults and allowed authenticated menace actors with admin privileges to learn arbitrary information on weak servers.
One month earlier, the corporate patched a MiCollab arbitrary file learn zero-day bug (CVE-2024-41713) found by watchTowr Labs researchers, which may let attackers entry information on a server’s file system.
Mitel’s merchandise are used by over 60,000 clients and greater than 75 million customers throughout numerous sectors, together with training, healthcare, monetary providers, manufacturing, and authorities.
Comprise rising threats in actual time – earlier than they affect your enterprise.
Find out how cloud detection and response (CDR) provides safety groups the sting they want on this sensible, no-nonsense information.
