Mitel this week announced patches for a critical-severity vulnerability in the MiVoice MX-ONE enterprise communication platform that could allow attackers to gain administrator rights.
No CVE identifier has been assigned to the flaw, but Mitel says it has a CVSS rating of 9.4, as it could allow remote, unauthenticated attackers to access user or admin accounts on the system.
Mitel describes the security defect as an authentication bypass issue that exists because access controls are not properly implemented.
“An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which if successfully exploited could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper access control,” the company says.
The bug impacts MiVoice MX-ONE versions 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14), and was addressed with the release of MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE versions 7.8 and 7.8 SP1, respectively.
“For MiVoice MX-ONE version 7.3 and above, please submit a patch request to your authorized service partner. Patches are made available at Mitel’s discretion,” the company notes.
The vendor urges customers to apply the patches immediately, noting that the MX-ONE services should not be exposed to the internet, and that restricting access to the Provisioning Manager service or disabling it should mitigate the risk.
Cybersecurity firm Arctic Wolf says it has not observed the vulnerability being exploited in the wild, and no proof-of-concept (PoC) exploit targeting it appears to exist publicly.
However, users should apply the available fixes as soon as possible, given that threat actors have targeted Mitel vulnerabilities for which patches have been released.
In January, the Aquabot botnet was seen exploiting a vulnerability in Mitel phones that was addressed in July 2024. Two weeks later, the US cybersecurity agency CISA added two Mitel MiCollab flaws to the KEV catalog.
Related: Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking
Related: SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack
Related: Airoha Chip Vulnerabilities Expose Headphones to Takeover
Related: New Vulnerabilities Expose Millions of Brother Printers to Hacking
