CVE-2024-28815: Mitel Patches Critical Security Flaw in InAttend and CMG Solutions

Mitel, a leading provider of communications solutions, has issued a critical security patch to address a vulnerability in its InAttend and CMG products. The vulnerability, tracked as CVE-2024-28815, has a CVSS score of 9.8, indicating a severe risk.

The Vulnerability

The vulnerability resides in the BluStar component of these Mitel products and stems from improper configuration. If exploited, an unauthenticated attacker could gain access to sensitive information, modify critical system settings, or even execute malicious code on the affected systems.

Affected Products

Here are the affected versions of the Mitel products:

  • Mitel InAttend versions 2.6 SP4 to 2.7
  • Mitel CMG versions 8.5 SP4 to 8.6

Mitigating the Risk

Mitel strongly urges users of these products to upgrade to the fixed versions as soon as possible:

  • Mitel InAttend version 2.8
  • Mitel CMG version 8.7

Customers can find the relevant patches and instructions in Mitel Knowledge Base article SO7977: “Mitel InAttend and Mitel CMG Security Update, CVE-2024-28815” at https://mitel.custhelp.com/app/answers/answer_view/a_id/1020393.
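
The affected and fixed versions listed above can be checked against an asset inventory. The Python script below is an added example, not code from Mitel or from the original article; the inventory layout, the hostnames and the helper names `parse_version`, `classify` and `triage` are assumptions made for illustration. It assumes every service pack of 2.7 and 8.6 is in range, and it reports versions older than the listed range as `not_listed` rather than safe, because the advisory does not cover them.

```python
import re

# Version bounds taken from the advisory text above; tuples are (major, minor, service pack).
ADVISORY = {
    "inattend": {"first": (2, 6, 4), "last_minor": (2, 7), "fixed": (2, 8, 0)},
    "cmg":      {"first": (8, 5, 4), "last_minor": (8, 6), "fixed": (8, 7, 0)},
}

_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*SP\s*(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Parse 'X.Y' or 'X.Y SPn' into (major, minor, sp); raise ValueError otherwise."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(product, version_text):
    """Return 'affected', 'fixed', or 'not_listed' for one installation."""
    key = product.lower().replace("mitel", "").strip()
    bounds = ADVISORY.get(key)
    if bounds is None:
        return "not_listed"
    v = parse_version(version_text)
    if v >= bounds["fixed"]:
        return "fixed"
    # Assumption: every service pack of the last listed minor release is in range.
    if bounds["first"] <= v and v[:2] <= bounds["last_minor"]:
        return "affected"
    # Older than the listed range: the advisory is silent, so do not report it as safe.
    return "not_listed"

def triage(inventory):
    """Map each (host, product, version) row to its status."""
    return {host: classify(product, version) for host, product, version in inventory}

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("att-01", "Mitel InAttend", "2.6 SP4"),
    ("att-02", "Mitel InAttend", "2.8"),
    ("cmg-01", "Mitel CMG", "8.6"),
    ("cmg-02", "Mitel CMG", "8.5 SP2"),
    ("cmg-03", "Mitel CMG", "8.7"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `not_listed` need a manual check against the Mitel Knowledge Base article before they are considered out of scope.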

Protecting Your Systems

This Mitel security advisory highlights the importance of keeping systems up to date. Cyber threats are constantly evolving, and vulnerabilities like this one emphasize the need for prompt patching. Organizations that prioritize security and regularly apply updates can significantly reduce their attack surface and protect critical data.

Additional Tips

Beyond applying the latest updates, consider the following tips to enhance your security posture:

  • Implement strong password policies and enforce multi-factor authentication.
  • Limit user privileges to the bare minimum required.
  • Regularly audit and review system configurations to spot potential weaknesses.