Lucene search

[email protected]NVD:CVE-2024-36446

HistoryAug 13, 2024 - 5:15 p.m.

CVE-2024-36446

2024-08-1317:15:23

[email protected]

web.nvd.nist.gov

mitel

mivoice

mx-one

authentication bypass

vulnerability

access control

authorization schema

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.

Affected configurations

Nvd

Node

mitelmivoice_mx-oneRange<7.6

mitelmivoice_mx-oneMatch7.6-

mitelmivoice_mx-oneMatch7.6sp1

VendorProductVersionCPE
mitelmivoice_mx-one*cpe:2.3:a:mitel:mivoice_mx-one:*:*:*:*:*:*:*:*
mitelmivoice_mx-one7.6cpe:2.3:a:mitel:mivoice_mx-one:7.6:-:*:*:*:*:*:*
mitelmivoice_mx-one7.6cpe:2.3:a:mitel:mivoice_mx-one:7.6:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitel	mivoice_mx-one	*	cpe:2.3:a:mitel:mivoice_mx-one::::::::
mitel	mivoice_mx-one	7.6	cpe:2.3:a:mitel:mivoice_mx-one:7.6:-::::::
mitel	mivoice_mx-one	7.6	cpe:2.3:a:mitel:mivoice_mx-one:7.6:sp1::::::

References

www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0017

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Related for NVD:CVE-2024-36446

cvelist1 vulnrichment1 cve1