COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Mitel vendor

7
failure events
0
zero-days
4
RCEs
7
on KEV
5
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 7 events

DateEventSevFlagsShameSummary
2023-02-21 CVE-2022-41223 critical ⚡RCE ⌖KEV 95 The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
2023-02-21 CVE-2022-40765 critical ⚡RCE ⌖KEV 95 The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
2022-06-27 CVE-2022-29499 critical ⚡RCE ⌖KEV 95 The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
2025-01-07 CVE-2024-55550 critical ⌖KEV 80 Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an un
2025-01-07 CVE-2024-41713 critical ⌖KEV 80 Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
2025-02-12 CVE-2024-41710 high ⚡RCE ⌖KEV 65 Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary comm
2022-03-25 CVE-2022-26143 high ⌖KEV 50 A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.