CVE-2024-35287

MEDIUM EPSS 11.0%

Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Oct 21, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

11.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-276

Affected Products 1

Vendor	Product	Version	Range
mitel	micollab	*	≤9.8.1.5

References 1

mitel.com https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0023

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.