CVE-2024-30159

4.8 MEDIUM

📋 TL;DR

This vulnerability allows authenticated administrators in Mitel MiCollab web conferencing to inject malicious scripts that execute in other users' browsers. It affects MiCollab versions through 9.7.1.110. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • Mitel MiCollab
Versions: Through 9.7.1.110
Operating Systems: Not OS-specific - application vulnerability
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated administrative access to exploit

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leading to full system takeover, data exfiltration, or deployment of additional malware within the environment.

🟠

Likely Case

Session hijacking of other administrators or users, credential theft, or unauthorized actions performed in the context of logged-in users.

🟢

If Mitigated

Limited impact due to proper input validation, output encoding, and Content Security Policy implementation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative credentials and knowledge of the vulnerable input fields.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.7.1.111 or later

Vendor Advisory: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005

Restart Required: Yes

Instructions:

1. Download the latest MiCollab version from the Mitel support portal.
2. Back up the current configuration.
3. Apply the update following Mitel's upgrade documentation.
4. Restart the MiCollab services.

🔧 Temporary Workarounds

Implement Content Security Policy

Applies to: all

Add CSP headers to restrict script execution sources: add a 'Content-Security-Policy' header with appropriate directives to the web server configuration.

Restrict Administrative Access

Applies to: all

Limit administrative accounts to trusted personnel only and implement multi-factor authentication.
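The two workarounds above (output encoding of admin-controlled fields and a restrictive Content-Security-Policy header) are illustrated by the following added example. It is not Mitel code and makes no assumption about how MiCollab itself renders its pages; the field name, the sample value and the response helper are constructed for the demonstration. The point it shows is that escaping stops the stored markup from becoming live script, while the CSP header (no 'unsafe-inline' in script-src) is a second, independent layer that blocks inline script even if an escape is missed somewhere.

```python
"""Output encoding plus a Content-Security-Policy header for an
administrator-editable field (added example, not Mitel code)."""
import html
from typing import Dict, Tuple

# Constructed sample: an administrator-supplied value as it might be stored in
# a conferencing settings field. Because it is rendered into OTHER users'
# pages, it must be treated as untrusted input regardless of who typed it.
SAMPLE_ADMIN_VALUE = 'Weekly Sync <script>alert("xss")</script>'

# Policy used by the example. script-src 'self' without 'unsafe-inline' means
# inline <script> blocks and javascript: URLs are refused by the browser.
CSP_POLICY = (
    "default-src 'self'; script-src 'self'; object-src 'none'; "
    "base-uri 'self'; frame-ancestors 'self'"
)


def render_vulnerable(value: str) -> str:
    """Interpolates the stored value straight into HTML: any markup in the
    value is parsed by the viewer's browser, so a stored <script> runs."""
    return f"<h1>Conference: {value}</h1>"


def render_hardened(value: str) -> str:
    """html.escape turns < > & " ' into entities, so the value is displayed
    as text and cannot open a tag or attribute."""
    return f"<h1>Conference: {html.escape(value, quote=True)}</h1>"


def csp_header() -> Dict[str, str]:
    """The header the 'Implement Content Security Policy' workaround adds."""
    return {"Content-Security-Policy": CSP_POLICY}


def respond(value: str, hardened: bool = True) -> Tuple[Dict[str, str], str]:
    """Build (headers, body) for a page showing the admin-controlled value.
    Both variants carry the CSP header; only the hardened one escapes output."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    headers.update(csp_header())
    body = render_hardened(value) if hardened else render_vulnerable(value)
    return headers, body


def contains_live_script(body: str) -> bool:
    """Structural check: does an unescaped <script tag survive in the body?"""
    return "<script" in body.lower()


if __name__ == "__main__":
    for hardened in (False, True):
        headers, body = respond(SAMPLE_ADMIN_VALUE, hardened=hardened)
        print(f"hardened={hardened}: live script in body? "
              f"{contains_live_script(body)}")
        print("  ", body)
    print("CSP:", headers["Content-Security-Policy"])
```

When applying a policy like this to a production web server, check first whether the application relies on inline scripts or event-handler attributes; a policy without 'unsafe-inline' will break those, and the usual remedy is a per-response nonce in script-src rather than loosening the policy.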

🧯 If You Can't Patch

  • Implement strict input validation and output encoding for all user-controllable fields
  • Monitor administrative account activity and implement session timeouts

🔍 How to Verify

Check if Vulnerable:

Check the MiCollab version in the administration interface; if the version is 9.7.1.110 or earlier, the system is vulnerable.

Check Version:

Check via the MiCollab web interface: Admin > System > About or the equivalent menu.

Verify Fix Applied:

Verify that the version is 9.7.1.111 or later in the administration interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative account activity
  • Multiple failed login attempts followed by successful login
  • Suspicious script tags or JavaScript in input fields

Network Indicators:

  • Unexpected outbound connections from MiCollab server
  • Suspicious JavaScript payloads in HTTP requests

SIEM Query:

source="micollab" AND (event_type="admin_login" OR http_request CONTAINS "<script>" OR http_request CONTAINS "javascript:")
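The following added example runs the logic of that SIEM query over a handful of constructed log lines so the detection can be checked offline. It is not part of the advisory and the key=value log format, field names and sample lines are assumptions for the demonstration. It goes one step beyond the query as written: a literal match on `<script>` misses the same payload when it arrives URL-encoded, so the example also matches on the decoded request and uses the broader `<script` prefix, case-insensitively.

```python
"""Evaluate the SIEM query
  source="micollab" AND (event_type="admin_login"
      OR http_request CONTAINS "<script>" OR http_request CONTAINS "javascript:")
over constructed key=value log lines (added example, not from the advisory)."""
import shlex
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed sample log lines. Quoted values may contain spaces and '='.
SAMPLE_LOGS = [
    'source=micollab event_type=admin_login user=admin src_ip=10.0.0.5',
    'source=micollab event_type=http_request user=admin '
    'http_request="POST /conf/settings name=<script>alert(1)</script>"',
    'source=micollab event_type=http_request user=bob '
    'http_request="GET /conf/join?id=42"',
    'source=micollab event_type=http_request user=admin '
    'http_request="POST /conf/settings name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    'source=pbx event_type=admin_login user=root',
]

# Substrings the query looks for; '<script' (no closing '>') also catches
# '<script src=...>' and '<SCRIPT>' once the text is lower-cased.
SCRIPT_MARKERS = ("<script", "javascript:")


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value line into a dict, honouring shell-style quoting so a
    quoted http_request keeps its spaces and its own '=' signs."""
    fields: Dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def matches_query(fields: Dict[str, str], decode: bool = True) -> bool:
    """True when the parsed line satisfies the SIEM query above.
    decode=True additionally checks the URL-decoded request text."""
    if fields.get("source") != "micollab":
        return False
    if fields.get("event_type") == "admin_login":
        return True
    request = fields.get("http_request", "")
    candidates = [request.lower()]
    if decode:
        candidates.append(unquote_plus(request).lower())
    return any(marker in text for text in candidates for marker in SCRIPT_MARKERS)


def hunt(lines: List[str], decode: bool = True) -> List[Dict[str, str]]:
    """Return the parsed lines that the query flags."""
    return [f for f in map(parse_line, lines) if matches_query(f, decode)]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS):
        print(hit.get("event_type"), hit.get("user"), hit.get("http_request", ""))
    print("literal-only hits:", len(hunt(SAMPLE_LOGS, decode=False)),
          "decoded hits:", len(hunt(SAMPLE_LOGS)))
```

Note that the admin_login clause fires on every administrator login, not only suspicious ones, so in a SIEM this query is better used as an enrichment source for the other indicators (failed-then-successful logins, unexpected outbound connections) than as a standalone alert.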

🔗 References
