CVE-2024-42514

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf	Broken Link
https://www.mitel.com/support/security-advisories	Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micontact_center_business:*:*:*:*:*:*:*:*

History

30 May 2025, 01:26

Type	Values Removed	Values Added
First Time		Mitel Mitel micontact Center Business
CPE		cpe:2.3:a:mitel:micontact_center_business::::::::
References	~~() https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf -~~	() https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0024-001-v2.pdf - Broken Link
References	~~() https://www.mitel.com/support/security-advisories -~~	() https://www.mitel.com/support/security-advisories - Vendor Advisory
References	~~() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024 -~~	() https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0024 - Vendor Advisory

Information

Published : 2024-10-01 19:15

Updated : 2025-05-30 01:26

NVD link : CVE-2024-42514

Mitre link : CVE-2024-42514

CVE.ORG link : CVE-2024-42514

JSON object : View

Products Affected

mitel

micontact_center_business

CWE

CWE-284

Improper Access Control

8.1 /10