CVE-2024-47224

Improper Encoding or Escaping of Output (CWE-116)

Published: Oct 21, 2024 / Updated: 29d ago

CVSS 6.5 / EPSS 0.04% / Medium

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-47224

Oct 21, 2024 at 9:15 PM

First Article

Feedly found the first article mentioning CVE-2024-47224.

Oct 21, 2024 at 9:21 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 21, 2024 at 9:21 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 22, 2024 at 7:49 PM

CVSS

A CVSS base score of 6.5 has been assigned.

Nov 5, 2024 at 9:40 PM / nvd

Affected Systems

Mitel/micollab

Attack Patterns

CAPEC-104: Cross Zone Scripting

News

CVE-2024-47224 | Mitel MiCollab up to 9.8.1.201 AWV crlf injection (misa-2024-0025)
A vulnerability, which was classified as critical, was found in Mitel MiCollab up to 9.8.1.201. This affects an unknown part of the component AWV. The manipulation leads to crlf injection. This vulnerability is uniquely identified as CVE-2024-47224. It is possible to initiate the attack remotely. There is no exploit available.
CVE-2024-47224 - Mitel MiCollab AWV Conferencing CRLF Injection Vulnerability
CVE ID: CVE-2024-47224
Published: Oct. 21, 2024, 9:15 p.m. | 18 minutes ago
Description: A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack.
Severity: 0.0

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: None
