Mitel disclosed 12 critical vulnerabilities in MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI), six of them rated CVSS 10.0. These flaws allow unauthenticated attackers to execute arbitrary commands, posing significant risks to sensitive communications. Key vulnerabilities include command injection, SQL injection, and improper validation. Although no active exploitation has been reported, prompt patching is advised.
Affected versions are MiCollab 10.0 and earlier builds, and MiVB SVI versions up to 2.1.0.9-2. Mitel stresses the urgency of updating to the latest patched releases and provides additional mitigation steps for those unable to update immediately.