Mitel Fixed Multiple Vulnerabilities Including An Auth Bypass Flaw

Hey there, folks! Have you heard about the recent security updates from Mitel Networks, the Canadian telecom giant? It’s crucial to stay informed, especially when it comes to protecting our systems. One of the notable vulnerabilities patched by Mitel involves a critical authentication bypass flaw in the MiVoice MX-ONE communication platform.

What You Need to Know About the Auth Bypass Flaw in MiVoice MX-ONE

In a recent security advisory, Mitel disclosed a critical authentication bypass vulnerability affecting MiVoice MX-ONE. This flaw could potentially grant unauthorized access to admin or user accounts within the system, highlighting the importance of immediate action to secure your communication platform.

For those unfamiliar, MiVoice MX-ONE is a robust business communication solution offered by Mitel, known for its secure communication features such as text messaging, video calls, and seamless integration with collaboration tools.

The advisory specifically states, “An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which if successfully exploited could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper access control.”

This critical vulnerability has been assigned a CVSS score of 9.4 and affects MiVoice MX-ONE versions 7.3 to 7.8 SP1. Mitel has released patches (MXO-15711_78SP0 and MXO-15711_78SP1) for versions 7.8 and 7.8 SP1 to address the issue.

It’s crucial for users to promptly update their systems with the provided patches to safeguard their communication platform. In cases where immediate updating isn’t feasible, restricting access to the Provisioning Manager and disconnecting the system from the internet are recommended measures to mitigate risks.

Addressing SQL Injection Vulnerability in MiCollab

Aside from MiVoice MX-ONE, Mitel has also tackled another significant vulnerability in MiCollab, a communication tool tailored for businesses seeking enhanced productivity and collaboration. This time, the focus was on an SQL injection flaw impacting the Suite Applications Services component.

As highlighted in the advisory, the SQL injection vulnerability in MiCollab could be exploited by authenticated attackers to execute arbitrary commands, potentially compromising user provisioning information and system integrity.

The vulnerability, identified as CVE-2025-52914, carries a high severity rating with a CVSS score of 8.8. It affects MiCollab versions 10.0 to 10.0 SP1 FP1, as well as 9.8 SP3 and earlier releases. Mitel has released patches (10.1, 9.8 SP3 FP1) to address this issue, emphasizing the importance of upgrading systems to ensure security.
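To check an inventory against the version ranges quoted above for both products, here is an added triage sketch (not from Mitel or the original article). It assumes version strings of the form "10.0 SP1 FP1"; the host names and sample inventory are constructed.

```python
import re

# Affected ranges as stated in the article; tuples are (major, minor, SP, FP).
AFFECTED = {
    "MiVoice MX-ONE": [((7, 3, 0, 0), (7, 8, 1, 0))],
    "MiCollab": [((0, 0, 0, 0), (9, 8, 3, 0)), ((10, 0, 0, 0), (10, 0, 1, 1))],
}
# Remediation named in the article. The MX-ONE patches sit on top of 7.8 and
# 7.8 SP1, so a version string alone cannot prove that a host is fixed.
REMEDY = {
    "MiVoice MX-ONE": "apply MXO-15711_78SP0 (7.8) or MXO-15711_78SP1 (7.8 SP1), "
                      "then confirm the patch is installed",
    "MiCollab": "upgrade to 10.1 or 9.8 SP3 FP1",
}
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+FP(\d+))?\s*$", re.I)

def parse_version(text):
    """Turn '9.8 SP3 FP1' into (9, 8, 3, 1); a missing SP or FP counts as 0."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(product, version_text):
    """Return 'affected', 'not-listed', 'review-manually' or 'unknown-product'."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        return "unknown-product"
    try:
        v = parse_version(version_text)
    except ValueError:
        return "review-manually"  # do not guess at formats we cannot parse
    return "affected" if any(lo <= v <= hi for lo, hi in ranges) else "not-listed"

def report(inventory):
    """Map (host, product, version) rows to (host, status, action) rows."""
    rows = []
    for host, product, version in inventory:
        status = triage(product, version)
        rows.append((host, status, REMEDY[product] if status == "affected" else ""))
    return rows

# Constructed inventory for illustration only.
SAMPLE = [
    ("pbx-01", "MiVoice MX-ONE", "7.8 SP1"),
    ("collab-01", "MiCollab", "9.8 SP3 FP1"),
    ("collab-02", "MiCollab", "10.0 SP1"),
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

A patched MX-ONE 7.8 or 7.8 SP1 host still reports as "affected" here, so treat that status as a prompt to verify that the MXO-15711 patch is installed.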

Kudos to Jasper Korten of Bureau Veritas Cybersecurity for reporting this flaw and contributing to strengthening the security of MiCollab.
