
Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow attackers to bypass authentication protections.
“An auth bypass vulnerability has been identified in the provisioning manager component of Mitel MiVoice MX-ONE, which allows inaccurate attackers to carry out authentication bypass attacks with inappropriate access control,” the company announced Wednesday.
“The successful vulnerability allows an attacker to gain unauthorized access to users or administrator accounts within the system.”

The flaw, which has not yet been assigned a CVE identifier, carries a CVSS score of 9.4 out of a maximum of 10.0. It affects MiVoice MX-ONE versions from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14).
Patches for the issue are available as MXO-15711_78SP0 and MXO-15711_78SP1. Customers using MiVoice MX-ONE version 7.3 or later are advised to submit a patch request to their authorized service partner.
As a mitigation until the fix is applied, it is recommended to limit direct exposure of MX-ONE services to the public internet and to ensure they are placed within a trusted network.
In addition to the authentication bypass flaw, Mitel has shipped an update to resolve a high-severity vulnerability in MiCollab (CVE-2025-52914, CVSS score: 8.8).
“If the exploit is successful, an attacker can access user provisioning information, potentially affecting system confidentiality, integrity and availability, and execute any SQL database command,” says Mitel.

The vulnerability, which affects MiCollab versions 10.0 (10.0.0.26) and 10.0 SP1 FP1 (10.0.1.101) and 9.8 SP3 (9.8.3.1), has been resolved in versions 10.1 (10.1.0.10) and 9.8 SP3 FP1 (9.8.3.103).
Given past flaws in Mitel devices, it is essential that users update their installations as quickly as possible to mitigate potential threats.