CVE-2024-47189

7.7 HIGH

📋 TL;DR

The Mitel MiCollab AWV component has an SQL injection vulnerability in its API interface that allows unauthenticated attackers to execute arbitrary SQL commands. This affects all MiCollab versions through 9.8 SP1 FP2 (9.8.1.201). Attackers could access user provisioning information and potentially manipulate the database.

💻 Affected Systems

Products:
  • Mitel MiCollab
Versions: All versions through 9.8 SP1 FP2 (9.8.1.201)
Operating Systems: Not OS-specific - affects MiCollab application
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the AWV (Audio, Web and Video Conferencing) component API interface

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data exfiltration, modification, or deletion; potential privilege escalation to system-level access.

🟠 Likely Case

Unauthorized access to non-sensitive user provisioning information and limited database manipulation within the AWV component's database.

🟢 If Mitigated

Limited information disclosure if database permissions are properly restricted and input validation is enforced at other layers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attack requires knowledge of specific details about the system, but it is unauthenticated and low in complexity once those details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 9.8 SP1 FP2 (9.8.1.201)

Vendor Advisory: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0026

Restart Required: Yes

Instructions:

1. Download latest MiCollab update from Mitel support portal
2. Apply update following Mitel's upgrade documentation
3. Restart MiCollab services
4. Verify version is above 9.8.1.201

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to MiCollab AWV API interface to trusted networks only

Web Application Firewall

all

Deploy WAF with SQL injection protection rules in front of MiCollab

🧯 If You Can't Patch

  • Implement strict network access controls to limit AWV API exposure
  • Deploy database monitoring to detect SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check the MiCollab version in the administration interface. If the version is 9.8.1.201 or earlier, the system is vulnerable.

Check Version:

Check via MiCollab web admin interface or consult system logs for version information

Verify Fix Applied:

Verify version is above 9.8.1.201 and test AWV API functionality remains operational

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed API authentication attempts
  • Suspicious API requests to AWV endpoints

Network Indicators:

  • SQL syntax patterns in HTTP requests to MiCollab API
  • Unusual database connection patterns from MiCollab server

SIEM Query:

source="*MiCollab*" AND ("SQL" OR "SELECT" OR "UNION" OR "INSERT" OR "DELETE") AND uri_path="*/api/*"
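
Added example (not part of the vendor advisory or of this page's original content): a log triage script that applies the same idea as the SIEM query above but URL-decodes the query string first and matches SQL constructs rather than bare keywords, so encoded requests are caught and ordinary text containing "select" is not. The log lines, the /placeholder/api/ paths and the function names are constructed for illustration and are not real MiCollab endpoints.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format). Paths are
# placeholders, not real MiCollab endpoints; IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "GET /placeholder/api/items?id=42 HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2024:13:56:01 +0000] "GET /placeholder/api/items?id=1%27%20UnIoN%20SeLeCt%20null-- HTTP/1.1" 500 87
198.51.100.9 - - [10/Oct/2024:13:56:04 +0000] "GET /placeholder/api/items?id=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 512
203.0.113.4 - - [10/Oct/2024:13:57:12 +0000] "GET /portal/help?q=select+a+union+rep HTTP/1.1" 200 900
203.0.113.5 - - [10/Oct/2024:13:58:40 +0000] "GET /placeholder/api/search?q=please+select+a+room HTTP/1.1" 200 300
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# SQL constructs, not bare keywords: a bare "SELECT" match would also flag
# the benign search request in the last sample line.
SQLI = re.compile("|".join([
    r"\bunion\s+(?:all\s+)?select\b",
    r"['\"]\s*(?:or|and)\s+[\w'\"]+\s*=",
    r";\s*(?:insert|delete|update|drop)\b",
]), re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(log_text, scope="/api/"):
    """Return (client, path, status, decoded_query) for in-scope SQLi-like requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if scope not in parts.path:
            continue  # mirror the SIEM query's uri_path="*/api/*" filter
        query = fully_decode(parts.query)
        if SQLI.search(query):
            hits.append((client, parts.path, status, query))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A 500 response on a flagged request, as in the second sample line, is worth correlating with database error logs from the same timestamp.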
