CVE-2024-42514

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf	Broken Link
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-01 19:15

Updated : 2025-05-30 01:26

NVD link : CVE-2024-42514

Mitre link : CVE-2024-42514

CVE.ORG link : CVE-2024-42514

JSON object : View

Products Affected

mitel

micontact_center_business

CWE

CWE-284

Improper Access Control

{"id": "CVE-2024-42514", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-10-01T19:15:07.883", "references": [{"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://www.mitel.com/support/security-advisories", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business hasta la versi\u00f3n 10.1.0.4 podr\u00eda permitir que un atacante no autenticado realice un ataque de acceso no autorizado debido a controles de acceso inadecuados. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante acceda a informaci\u00f3n confidencial y env\u00ede mensajes no autorizados."}], "lastModified": "2025-05-30T01:26:00.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CB4AB4-E082-4C02-BAED-9EA1497C197A", "versionEndIncluding": "10.1.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}